CVE-2024-32492 — Code Injection in Znuny

Severity

7.1HIGHNVD

EPSS

0.7%

top 29.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedApr 29

Description

An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:NExploitability: 2.8 | Impact: 4.2

▶NVDznuny/znuny7.0.1 — 7.0.16

OSV

CVE-2024-32492: An issue was discovered in Znuny 7↗2024-04-29

▶

GHSA

GHSA-c75w-9qpm-w8gc: An issue was discovered in Znuny 7↗2024-04-29

▶

Debian

CVE-2024-32492: znuny - An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail vi...↗2024

▶