An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-05-08
An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-05-08
Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-10-11
Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-10-11