CVE-2024-48937

Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:znuny:znuny:*:*:*:*:lts:*:*:*
cpe:2.3:a:znuny:znuny:*:*:*:*:lts:*:*:*
cpe:2.3:a:znuny:znuny:*:*:*:*:-:*:*:*

History

17 Oct 2024, 19:48

Type Values Removed Values Added
First Time Znuny
Znuny znuny
References () https://www.znuny.com - () https://www.znuny.com - Product
References () https://www.znuny.org/en/advisories - () https://www.znuny.org/en/advisories - Vendor Advisory
References () https://www.znuny.org/en/advisories/zsa-2024-05 - () https://www.znuny.org/en/advisories/zsa-2024-05 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CPE cpe:2.3:a:znuny:znuny:*:*:*:*:-:*:*:*
cpe:2.3:a:znuny:znuny:*:*:*:*:lts:*:*:*
CWE CWE-79

15 Oct 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) Las versiones anteriores a LTS 6.5.1 a 6.5.10 y 7.0.1 a 7.0.16 de Znuny permiten XSS. Se ejecuta el código JavaScript en la descripción breve del campo SLA en los diálogos de actividad.

11 Oct 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-11 21:15

Updated : 2024-10-17 19:48


NVD link : CVE-2024-48937

Mitre link : CVE-2024-48937

CVE.ORG link : CVE-2024-48937


JSON object : View

Products Affected

znuny

  • znuny
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')