Home > Vulnerability Database > CVE-2024-48937

Mend.io Vulnerability Database

CVE-2024-48937

Date: October 10, 2024

Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed.

Language: Perl

Severity Score

6.1

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-48937

Url: https://www.znuny.org/en/advisories

Url: https://www.znuny.com

Url: https://www.znuny.org/en/advisories/zsa-2024-05

Url: https://www.mend.io/vulnerability-database/CVE-2024-48937

Severity Score

6.1

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-48937

Date: October 10, 2024

Language: Perl

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?