CVE-2025-52204 — Cross-site Scripting in Znuny

Severity

6.1MEDIUMNVD

EPSS

0.0%

top 90.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMar 23

Description

A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

▶debiandebian/znuny< znuny 6.5.19-1 (forky)

▶Debianznuny/znuny< 6.5.19-1

OSV

CVE-2025-52204: A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6↗2026-03-23

▶

GHSA

GHSA-79wq-mgjf-5cc2: A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6↗2026-03-23

▶

Debian

CVE-2025-52204: znuny - A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x in the cu...↗2025

▶

Wiz

CVE-2025-52204 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶