3 matches found
CVE-2024-48937
Znuny has a cross-site scripting vulnerability (CVE-2024-48937) affecting Znuny before LTS 6.5.1–6.5.10 and 7.0.1–7.0.16, where JavaScript executed from the short description of the SLA field in Activity Dialogues can be triggered. The underlying issue is an XSS in the SLA short description conte...
CVE-2024-48938
Znuny vulnerable versions: 6.5.1–6.5.10 and 7.0.1–7.0.16. Root cause: DoS/ReDoS via parsing email content when HTML is copied from Microsoft Word, leading to high CPU usage and blocking the parsing process. Impact: potential denial of service. Exploitation details are not provided in the connecte...
PT-2024-24615 · Znuny +1 · Znuny +2
Name of the Vulnerable Software and Affected Versions: Znuny LTS versions 6.5.1 through 6.5.7 Znuny versions 7.0.1 through 7.0.16 Description: An issue was discovered where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request. Recommendations: For Znuny LTS...