Search for vulnerabilities
Vulnerability details: VCID-vx1p-8fb3-rbfs
Vulnerability ID VCID-vx1p-8fb3-rbfs
Aliases CVE-2024-48937
Summary Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
System Score Found at
epss 0.00137 https://api.first.org/data/v1/epss?cve=CVE-2024-48937
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2024-48937
cvssv3.1 6.1 https://www.znuny.com
ssvc Track https://www.znuny.com
cvssv3.1 6.1 https://www.znuny.org/en/advisories
ssvc Track https://www.znuny.org/en/advisories
cvssv3.1 6.1 https://www.znuny.org/en/advisories/zsa-2024-05
ssvc Track https://www.znuny.org/en/advisories/zsa-2024-05
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-48937
https://www.znuny.com
https://www.znuny.org/en/advisories
https://www.znuny.org/en/advisories/zsa-2024-05
cpe:2.3:a:znuny:znuny:*:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:znuny:znuny:*:*:*:*:-:*:*:*
cpe:2.3:a:znuny:znuny:*:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:znuny:znuny:*:*:*:*:lts:*:*:*
CVE-2024-48937 https://nvd.nist.gov/vuln/detail/CVE-2024-48937
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-48937
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://www.znuny.com
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T15:39:09Z/ Found at https://www.znuny.com
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://www.znuny.org/en/advisories
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T15:39:09Z/ Found at https://www.znuny.org/en/advisories
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://www.znuny.org/en/advisories/zsa-2024-05
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T15:39:09Z/ Found at https://www.znuny.org/en/advisories/zsa-2024-05
Exploit Prediction Scoring System (EPSS)
Percentile 0.34487
EPSS Score 0.00137
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T13:57:16.378527+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 36.1.3