
18 matches found

NVD
added 2026/06/05 2:17 a.m., 12 views

CVE-2026-50592

In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog aka the communication log administration view...

CVSS 6.4, EPSS 0.00148
Exploits: 0, References: 1

CVE
added 2026/06/05 1:57 a.m., 27 views

CVE-2026-50592

The CVE CVE-2026-50592 affects Znuny LTS prior to 6.5.21 and Znuny prior to 7.3.3, with a reflected XSS in AdminCommunicationLog (the communication log administration view). The underlying issue is a reflected cross-site scripting vulnerability that could impact users when viewing the admin commu...

CVSS 6.4, AI score 5.8, EPSS 0.00148
Exploits: 0, References: 1

CVE
added 2026/06/05 1:52 a.m., 23 views

CVE-2026-50591

Znuny LTS is affected by CVE-2026-50591: stored XSS via user preferences in versions prior to 6.5.21 and prior to 7.3.3. The CVSS vector indicates a LOW privileges requirement with user interaction and network attack vector, leading to a Confidentiality/Integrity impact in practice, with Availabi...

CVSS 5.4, AI score 5.8, EPSS 0.00133
Exploits: 0, References: 1

ATTACKERKB
added 2026/06/05 1:52 a.m., 6 views

CVE-2026-50591

In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences...

CVSS 5.4, AI score 5.8, EPSS 0.00133
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2024/10/11 9:15 p.m., 14 views

CVE-2024-48937

Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed...

CVSS 6.1, EPSS 0.00365
Exploits: 0, References: 3

NVD
added 2024/10/11 9:15 p.m., 20 views

CVE-2024-48938

Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process...

CVSS 7.5, EPSS 0.00569
Exploits: 0, References: 3

CVE
added 2024/10/11 12:00 a.m., 59 views

CVE-2024-48938

Znuny vulnerable versions: 6.5.1–6.5.10 and 7.0.1–7.0.16. Root cause: DoS/ReDoS via parsing email content when HTML is copied from Microsoft Word, leading to high CPU usage and blocking the parsing process. Impact: potential denial of service. Exploitation details are not provided in the connecte...

CVSS 7.5, AI score 7, EPSS 0.00569
Exploits: 0, References: 3, Affected Software: 1

Debian CVE
added 2024/10/11 12:00 a.m., 10 views

CVE-2024-48937

Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed...

CVSS 6.1, AI score 5.3, EPSS 0.00365
Exploits: 0

OSV
added 2024/04/29 5:15 p.m., 11 views

CVE-2024-32493

An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request...

CVSS 8.8, AI score 7.3
Exploits: 0, References: 2

OSV
added 2024/04/29 5:15 p.m., 12 views

CVE-2024-32491

An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file via a manipulated AJAX Request to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available...

CVSS 9.8, AI score 7
Exploits: 0, References: 2

OSV
added 2024/04/29 5:15 p.m., 4 views

UBUNTU-CVE-2024-32493

An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request...

CVSS 8.8, AI score 5.9, EPSS 0.00708
Exploits: 0, References: 3

Cvelist
added 2024/04/29 12:00 a.m., 20 views

CVE-2024-32491

An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file via a manipulated AJAX Request to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available...

AI score 7, EPSS 0.00719
Exploits: 0, References: 2

Vulnrichment
added 2024/04/29 12:00 a.m., 12 views

CVE-2024-32493

An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request...

AI score 7.4, EPSS 0.00708
Exploits: 0, References: 2

CNNVD
added 2024/04/29 12:00 a.m., 7 views

Znuny and Znuny LTS security vulnerability

Znuny is a work order system from Znuny, Inc. A security vulnerability exists in Znuny and Znuny LTS that stems from the presence of a path traversal vulnerability. An attacker could exploit the vulnerability to upload a file to an arbitrary writable location. Affected products and versions: Znun...

CVSS 9.8, AI score 7, EPSS 0.00719
Exploits: 0, References: 4

Cvelist
added 2024/04/29 12:00 a.m., 18 views

CVE-2024-32493

An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request...

AI score 7.3, EPSS 0.00708
Exploits: 0, References: 2

CVE
added 2024/04/29 12:00 a.m., 84 views

CVE-2024-32493

CVE-2024-32493 affects Znuny LTS 6.5.1–6.5.7 and Znuny 7.0.1–7.0.16. A logged-in agent can inject SQL via the draft_form_id parameter in an AJAX request, indicating an authenticated SQL injection in the affected workflows. Red Hat/Ubuntu OSV, NVD, and other advisories corroborate the vulnerabilit...

CVSS 8.8, AI score 7.3, EPSS 0.00708
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2024/04/29 12:00 a.m., 5 views

PT-2024-24615 · Znuny +1 · Znuny +2

Name of the Vulnerable Software and Affected Versions: Znuny LTS versions 6.5.1 through 6.5.7 Znuny versions 7.0.1 through 7.0.16 Description: An issue was discovered where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request. Recommendations: For Znuny LTS...

CVSS 8.8, AI score 7.7, EPSS 0.00708
Exploits: 0, References: 13

Vulnrichment
added 2024/04/29 12:00 a.m., 18 views

CVE-2024-32491

An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file via a manipulated AJAX Request to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available...

AI score 7.2, EPSS 0.00719
Exploits: 0, References: 2