Search CVE reports
1 – 10 of 29 results
CVE-2024-48938
Medium priority
Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process.
1 affected package
znuny
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
znuny | Needs evaluation | Not in release | Not in release | — | — |
CVE-2024-48937
Medium priority
Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed.
1 affected package
znuny
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
znuny | Needs evaluation | Not in release | Not in release | — | — |
CVE-2024-43444
Medium priority
Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This...
1 affected package
znuny
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
znuny | Needs evaluation | Not in release | Not in release | — | — |
CVE-2024-43443
Medium priority
Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the...
1 affected package
znuny
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
znuny | Needs evaluation | Not in release | Not in release | — | — |
CVE-2024-43442
Medium priority
Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in OTRS (System Configuration modules) and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the System...
1 affected package
znuny
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
znuny | Needs evaluation | Not in release | Not in release | — | — |
CVE-2024-6540
Medium priority
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of...
1 affected package
znuny
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
znuny | Not affected | Not in release | Not in release | — | — |
CVE-2024-23794
Medium priority
An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises...
1 affected package
znuny
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
znuny | Not affected | Not in release | Not in release | — | — |
CVE-2024-23793
Medium priority
The file upload feature in OTRS and ((OTRS)) Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web...
1 affected package
znuny
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
znuny | Needs evaluation | Not in release | Not in release | — | — |
CVE-2024-32493
Medium priority
An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request.
1 affected package
znuny
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
znuny | Needs evaluation | Not in release | Not in release | — | — |
CVE-2024-32492
Medium priority
An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript.
1 affected package
znuny
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
znuny | Needs evaluation | Not in release | Not in release | — | — |