pkg:Debian/znuny

All known vulnerabilities

• CRITICAL9.8CVE-2025-26846An issue was discovered in Znuny before 7.1.4.
  from 0
• CRITICAL9.8CVE-2025-26845An Eval Injection issue was discovered in Znuny through 7.1.3.
  from 0
• CRITICAL9.8CVE-2025-26844An issue was discovered in Znuny through 7.1.3.
  from 0
• CRITICAL9.8An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file…
  from 0
• CRITICAL9.8Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservic…
  from 0, < 6.4.5-1
• HIGH8.8An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in th…
  from 0
• HIGH8.8Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS…
  from 0
• HIGH7.5An issue was discovered in Znuny before 7.1.5.
  from 0
• HIGH7.5An issue was discovered in Znuny through 7.1.3.
  from 0
• HIGH7.5Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email.
  from 0
• MEDIUM6.4In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog (aka the communication log administratio…
  from 0
• MEDIUM6.1A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter
  from 0
• MEDIUM6.1An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6.
  from 0
• MEDIUM6.1jquery-validation vulnerable to Cross-site Scripting
  from 0
• MEDIUM6.1Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS.
  from 0
• MEDIUM5.4In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences.
  from 0
• —(no summary)
  from 0
• —(no summary)
  from 0