Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie and receive the result.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zammad 安全漏洞
Vulnerability Description
Zammad是德国Zammad公司的一套票务管理软件。 Zammad 1.0.4之前的版本、1.1.3之前的1.1.x版本和1.2.1之前的1.2.x版本中存在安全漏洞,该漏洞源于程序缺少含有HTTP Access-Control头的保护机制。远程攻击者利用该漏洞直接向REST API发送跨域请求。
CVSS Information
N/A
Vulnerability Type
N/A