CVE-2021-42088
https://notcve.org/view.php?id=CVE-2021-42088
An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled. Se ha detectado un problema en Zammad versiones anteriores a 4.1.1. La funcionalidad Chat permite un ataque de tipo XSS porque los datos del portapapeles son manejados inapropiadamente • https://zammad.com/en/advisories/zaa-2021-12 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-42089
https://notcve.org/view.php?id=CVE-2021-42089
An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information. Se ha detectado un problema en Zammad versiones anteriores a 4.1.1. La API REST divulga información confidencial • https://zammad.com/en/advisories/zaa-2021-13 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-42090
https://notcve.org/view.php?id=CVE-2021-42090
An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled. Se ha detectado un problema en Zammad versiones anteriores a 4.1.1. La funcionalidad Form permite una ejecución de código remota porque la deserialización es manejada inapropiadamente • https://zammad.com/en/advisories/zaa-2021-14 • CWE-502: Deserialization of Untrusted Data •
CVE-2021-42091
https://notcve.org/view.php?id=CVE-2021-42091
An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration. Se ha detectado un problema en Zammad versiones anteriores a 4.1.1. Un ataque de tipo SSRF puede ocurrir por medio de la integración de GitHub o GitLab • https://zammad.com/en/advisories/zaa-2021-08 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2021-42092
https://notcve.org/view.php?id=CVE-2021-42092
An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket. Se ha detectado un problema en Zammad versiones anteriores a 4.1.1. una vulnerabilidad de tipo XSS almacenado puede producirse por medio de un Artículo durante la adición de un archivo adjunto a un Ticket • https://zammad.com/en/advisories/zaa-2021-16 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •