Cross-Site Scripting Vulnerability in Znuny SLA Field
CVE-2024-48937

6.1MEDIUM

Key Information:

Vendor: Znuny
Status: Znuny
Vendor: CVE Published:; 11 October 2024

What is CVE-2024-48937?

A Cross-Site Scripting vulnerability exists in Znuny versions prior to 6.5.1 and 7.0.1. Malicious JavaScript code can be executed if it is inserted into the short description field of the SLA in Activity Dialogues. This could allow attackers to manipulate web sessions, steal sensitive data, or perform actions on behalf of the user.

References

https://www.znuny.com

https://www.znuny.org/en/advisories/zsa-2024-05

https://www.znuny.org/en/advisories

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 11, 2024
Vulnerability Reserved
Oct 9, 2024

CVE-2024-48937 Data

JSON