{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "2.1.0" }, { "last_affected": "2.1.2" }, { "introduced": "2.2.0" }, { "last_affected": "2.2.1" }, { "introduced": "0" }, { "last_affected": "2.3.0" } ] }, "events": [ { "introduced": "c6ca66c3e0bda6bf983fc39022c2afc5c1808b55" }, { "last_affected": "626246026c7b1691b0aa685aa50c8a0db6bfdd7d" }, { "introduced": "7209b85c16d31e0ea5dcf2c1eb659cb292dba794" }, { "last_affected": "5c983f69e898db975046151b0bd01307131fce80" }, { "introduced": "0" }, { "last_affected": "ea50d0c06f2de01046ee305b631a42702a063cda" } ], "repo": "https://github.com/zammad/zammad", "type": "GIT" } ] } ], "details": "Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) - CWE-80. The impact is: Execute java script code on users browser. The component is: web app. The attack vector is: the victim must open a ticket. The fixed version is: 2.3.1, 2.2.2 and 2.1.3.", "id": "CVE-2019-1010018", "modified": "2026-03-14T13:47:56.477201914Z", "published": "2019-07-16T13:15:10.893Z", "references": [ { "type": "ADVISORY", "url": "https://github.com/zammad/zammad/issues/1869" }, { "type": "FIX", "url": "https://github.com/zammad/zammad/compare/5c983f6...1a9af7d" }, { "type": "FIX", "url": "https://github.com/zammad/zammad/compare/ea50d0c...238784d" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ] }