VulnerableCode Package Details - pkg:deb/debian/znuny@6.5.1-1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/znuny@6.5.1-1

Essentials
History (42)

purl	pkg:deb/debian/znuny@6.5.1-1

Next non-vulnerable version	6.5.15-2~bpo12+1
Latest non-vulnerable version	6.5.18-1~bpo13+1
Risk	3.1

Vulnerabilities affecting this package (14)

Vulnerability	Summary	Fixed by
VCID-169g-wxmh-qqbw Aliases: CVE-2024-48937	Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed.	6.5.15-2~bpo12+1 Affected by 0 other vulnerabilities.
VCID-1mkr-c1ay-jygw Aliases: CVE-2025-26844	An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag.	6.5.15-2~bpo12+1 Affected by 0 other vulnerabilities.
VCID-2rbn-u9eg-sua7 Aliases: CVE-2025-43926	An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values are retrieved and given as a whole to other function calls, which then might use these keys/values to affect permissions or other settings.	6.5.15-2~bpo12+1 Affected by 0 other vulnerabilities.
VCID-4sdd-c9p8-3fac Aliases: CVE-2025-52204	A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter	6.5.15-2~bpo12+1 Affected by 0 other vulnerabilities. 6.5.18-1~bpo13+1 Affected by 0 other vulnerabilities.
VCID-cqx8-tegf-pfhh Aliases: CVE-2025-26842	An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visible to users with access to the CommunicationLog.	6.5.15-2~bpo12+1 Affected by 0 other vulnerabilities.
VCID-kfqh-mtw2-3feu Aliases: CVE-2025-26847	An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked.	6.5.15-2~bpo12+1 Affected by 0 other vulnerabilities.
VCID-kr13-v6jr-5kg6 Aliases: CVE-2024-32491	An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file (via a manipulated AJAX Request) to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available through the web server.	6.5.15-2~bpo12+1 Affected by 0 other vulnerabilities.
VCID-ndgh-dr9p-kqbu Aliases: CVE-2024-32493	An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request.	6.5.15-2~bpo12+1 Affected by 0 other vulnerabilities.
VCID-qysv-aehy-d7ay Aliases: CVE-2023-38060	Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.	6.5.15-2~bpo12+1 Affected by 0 other vulnerabilities.
VCID-s8fu-wpk4-3ycc Aliases: CVE-2025-26846	An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic Interface to update ticket metadata.	6.5.15-2~bpo12+1 Affected by 0 other vulnerabilities.
VCID-x1sc-wvc6-a3hz Aliases: CVE-2024-48938	Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process.	6.5.15-2~bpo12+1 Affected by 0 other vulnerabilities.
VCID-yrdb-btgm-p3cd Aliases: CVE-2025-26845	An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script.	6.5.15-2~bpo12+1 Affected by 0 other vulnerabilities.
VCID-zd8d-c1nk-g7a4 Aliases: CVE-2025-3573 GHSA-rrj2-ph5q-jxw2	jquery-validation vulnerable to Cross-site Scripting Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.	6.5.15-2~bpo12+1 Affected by 0 other vulnerabilities. 6.5.18-1~bpo13+1 Affected by 0 other vulnerabilities.
VCID-zhfb-ajkc-5uc4 Aliases: CVE-2025-59490		6.5.15-2~bpo12+1 Affected by 0 other vulnerabilities. 6.5.18-1~bpo13+1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:26:25.917339+00:00	Debian Importer	Affected by	VCID-ndgh-dr9p-kqbu	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:07:24.154855+00:00	Debian Importer	Affected by	VCID-s8fu-wpk4-3ycc	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:58:58.322817+00:00	Debian Importer	Affected by	VCID-1mkr-c1ay-jygw	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:28:47.391791+00:00	Debian Importer	Affected by	VCID-kfqh-mtw2-3feu	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:10:30.442681+00:00	Debian Importer	Affected by	VCID-cqx8-tegf-pfhh	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:09:44.854049+00:00	Debian Importer	Affected by	VCID-2rbn-u9eg-sua7	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:52:10.681234+00:00	Debian Importer	Affected by	VCID-4sdd-c9p8-3fac	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:55:28.551403+00:00	Debian Importer	Affected by	VCID-qysv-aehy-d7ay	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:41:38.917424+00:00	Debian Importer	Affected by	VCID-169g-wxmh-qqbw	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:30:20.855015+00:00	Debian Importer	Affected by	VCID-x1sc-wvc6-a3hz	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:23:05.975758+00:00	Debian Importer	Affected by	VCID-zhfb-ajkc-5uc4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:22:54.421586+00:00	Debian Importer	Affected by	VCID-kr13-v6jr-5kg6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:57:17.471506+00:00	Debian Importer	Affected by	VCID-yrdb-btgm-p3cd	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:56:14.661807+00:00	Debian Importer	Affected by	VCID-zd8d-c1nk-g7a4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:16:20.102371+00:00	Debian Importer	Affected by	VCID-ndgh-dr9p-kqbu	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:17:22.256893+00:00	Debian Importer	Affected by	VCID-s8fu-wpk4-3ycc	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:10:55.748717+00:00	Debian Importer	Affected by	VCID-1mkr-c1ay-jygw	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:49:23.524645+00:00	Debian Importer	Affected by	VCID-kfqh-mtw2-3feu	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:35:44.718683+00:00	Debian Importer	Affected by	VCID-cqx8-tegf-pfhh	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:35:09.342236+00:00	Debian Importer	Affected by	VCID-2rbn-u9eg-sua7	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:21:44.774302+00:00	Debian Importer	Affected by	VCID-4sdd-c9p8-3fac	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:38:35.111115+00:00	Debian Importer	Affected by	VCID-qysv-aehy-d7ay	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:26:53.334859+00:00	Debian Importer	Affected by	VCID-169g-wxmh-qqbw	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:20:26.648338+00:00	Debian Importer	Affected by	VCID-x1sc-wvc6-a3hz	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:15:59.258544+00:00	Debian Importer	Affected by	VCID-zhfb-ajkc-5uc4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:15:51.515293+00:00	Debian Importer	Affected by	VCID-kr13-v6jr-5kg6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:00:31.967960+00:00	Debian Importer	Affected by	VCID-yrdb-btgm-p3cd	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:59:49.157523+00:00	Debian Importer	Affected by	VCID-zd8d-c1nk-g7a4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-08T20:09:31.554967+00:00	Debian Importer	Affected by	VCID-ndgh-dr9p-kqbu	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T19:31:01.785554+00:00	Debian Importer	Affected by	VCID-s8fu-wpk4-3ycc	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T19:26:59.263929+00:00	Debian Importer	Affected by	VCID-1mkr-c1ay-jygw	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T19:12:11.655914+00:00	Debian Importer	Affected by	VCID-kfqh-mtw2-3feu	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T19:02:57.591701+00:00	Debian Importer	Affected by	VCID-cqx8-tegf-pfhh	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T19:02:36.400314+00:00	Debian Importer	Affected by	VCID-2rbn-u9eg-sua7	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T18:53:37.466205+00:00	Debian Importer	Affected by	VCID-4sdd-c9p8-3fac	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T18:24:59.459371+00:00	Debian Importer	Affected by	VCID-qysv-aehy-d7ay	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-04T18:10:03.212980+00:00	Debian Importer	Affected by	VCID-169g-wxmh-qqbw	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-04T18:05:44.339961+00:00	Debian Importer	Affected by	VCID-x1sc-wvc6-a3hz	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-04T18:02:55.194727+00:00	Debian Importer	Affected by	VCID-zhfb-ajkc-5uc4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-04T18:02:49.166197+00:00	Debian Importer	Affected by	VCID-kr13-v6jr-5kg6	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-04T17:52:58.036932+00:00	Debian Importer	Affected by	VCID-yrdb-btgm-p3cd	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-04T17:52:33.949188+00:00	Debian Importer	Affected by	VCID-zd8d-c1nk-g7a4	https://security-tracker.debian.org/tracker/data/json	38.1.0