Search CVE reports



1 – 10 of 29 results


CVE-2024-48938

Medium priority
Needs evaluation

Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDoS via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process.

1 affected package

znuny

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
znuny Needs evaluation Not in release Not in release

CVE-2024-48937

Medium priority
Needs evaluation

Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed.

1 affected package

znuny

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
znuny Needs evaluation Not in release Not in release

CVE-2024-43444

Medium priority
Needs evaluation

Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This...

1 affected package

znuny

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
znuny Needs evaluation Not in release Not in release

CVE-2024-43443

Medium priority
Needs evaluation

Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the...

1 affected package

znuny

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
znuny Needs evaluation Not in release Not in release

CVE-2024-43442

Medium priority
Needs evaluation

Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in OTRS (System Configuration modules) and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the System...

1 affected package

znuny

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
znuny Needs evaluation Not in release Not in release

CVE-2024-6540

Medium priority
Not affected

Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of...

1 affected package

znuny

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
znuny Not affected Not in release Not in release

CVE-2024-23794

Medium priority
Not affected

An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises...

1 affected package

znuny

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
znuny Not affected Not in release Not in release

CVE-2024-23793

Medium priority
Needs evaluation

The file upload feature in OTRS and ((OTRS)) Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web...

1 affected package

znuny

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
znuny Needs evaluation Not in release Not in release

CVE-2024-32493

Medium priority
Needs evaluation

An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request.

1 affected package

znuny

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
znuny Needs evaluation Not in release Not in release

CVE-2024-32492

Medium priority
Needs evaluation

An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript.

1 affected package

znuny

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
znuny Needs evaluation Not in release Not in release