ZSA-2026-10
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the communication log administration view (AdminCommunicationLog). URL parameters were rendered into the page output without proper escaping, allowing an attacker to inject arbitrary JavaScript via a crafted URL. When the crafted URL is opened by an authenticated administrator, the payload executes in the victim's browser within the security context of their session.
Fixed in: Znuny LTS 6.5.21 and Znuny 7.3.3
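
To review web server access logs for requests of the kind described above, the following added example (not part of the advisory or of Znuny's code) flags requests to the AdminCommunicationLog view whose parameters decode to HTML metacharacters. It assumes the view is selected with `Action=AdminCommunicationLog` and that parameters are separated by `&` or `;`; the log lines, the path and `ExampleParam` are constructed.

```python
import re
from urllib.parse import unquote_plus

VIEW = "AdminCommunicationLog"
# Assumption: the view is selected with Action=<view> in the query string and
# parameters are separated by '&' or ';'.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Characters that have to be escaped before a value is written into HTML.
MARKUP = re.compile(r"[<>\"'`]")


def decode(value, rounds=3):
    """URL-decode repeatedly so double-encoded markup is still recognised."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return (name, decoded value) for markup-bearing parameters sent to VIEW."""
    match = REQUEST.search(log_line)
    if not match or "?" not in match.group(1):
        return []
    query = match.group(1).split("?", 1)[1]
    params = []
    for pair in re.split(r"[&;]", query):
        name, _, value = pair.partition("=")
        params.append((decode(name), decode(value)))
    if ("Action", VIEW) not in params:
        return []
    return [(n, v) for n, v in params if MARKUP.search(v)]


# Constructed access-log lines; path, addresses and ExampleParam are made up.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2026:10:00:00 +0000] "GET /example/index.pl?Action=AdminCommunicationLog;ExampleParam=Email HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2026:10:02:11 +0000] "GET /example/index.pl?Action=AdminCommunicationLog&ExampleParam=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5301',
    '203.0.113.9 - - [01/Jan/2026:10:02:40 +0000] "GET /example/index.pl?Action=AdminCommunicationLog;ExampleParam=%253Cb%253E HTTP/1.1" 200 5298',
    '198.51.100.7 - - [01/Jan/2026:10:05:00 +0000] "GET /example/index.pl?Action=OtherView&ExampleParam=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, line in enumerate(SAMPLE_LOG, start=1):
        for name, value in suspicious_params(line):
            print(f"line {number}: {name}={value!r}")
```

A hit means only that markup was sent to the view; whether it was rendered unescaped depends on the installed version.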