CVE-2024-48937 — Cross-site Scripting in Znuny

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

1.5%

top 18.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Znuny Debian Znuny

Timeline

PublishedOct 11

Description

Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDznuny/znuny6.0.0 — 6.1.0+2

▶debiandebian/znuny< znuny 6.5.11-1 (forky)

▶Debianznuny/znuny< 6.5.11-1+1

🔴Vulnerability Details

GHSA

GHSA-q6x3-2mmr-2q9c: Znuny before LTS 6↗2024-10-11

▶

OSV

CVE-2024-48937: Znuny before LTS 6↗2024-10-11

▶

📋Vendor Advisories

Debian

CVE-2024-48937: znuny - Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaS...↗2024

▶