External JavaScript Execution Vulnerability in Znuny by Znuny
CVE-2024-32492

7.1HIGH

Key Information:

Vendor: Znuny
Status: Znuny
Vendor: CVE Published:; 29 April 2024

What is CVE-2024-32492?

A vulnerability has been identified in Znuny versions 7.0.1 through 7.0.16 that allows the execution of external JavaScript code via the ticket detail view in the customer front end. This could potentially enable an attacker to manipulate the web interface or exploit other vulnerabilities by executing malicious scripts. Users are recommended to review the advisory and update their installations to mitigate possible risks.

References

https://znuny.com

https://www.znuny.org/en/advisories/zsa-2024-02

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 29, 2024

CVE-2024-32492 Data

JSON