CVE-2024-32492

NameCVE-2024-32492
DescriptionAn issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
znuny (PTS)bookworm/non-free6.5.1-1fixed
trixie/non-free, sid/non-free6.5.11-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
znunysource(unstable)(not affected)

Notes

- znuny <not-affected> (Only affects Znuny from 7.0.1 up to including 7.0.16)
https://www.znuny.org/en/advisories/zsa-2024-02

Search for package or bug name: Reporting problems