Sprache wechseln auf deutsch
Znuny Professional Services

The ((OTRS)) Community Edition Fork with long-term Support (LTS)

Overview

ZSA-2026-11

Date
2026-05-27
Affected
All versions of Znuny LTS from 6.5.1 up to including 6.5.20.
All versions of Znuny from 7.3.1 up to including 7.3.2.
All versions of Znuny 6.0, 6.1, 6.2, 6.3, 6.4, 7.0, 7.1, and 7.2.
Severity
medium
CVE
Not requested

A Stored Cross-Site Scripting (XSS) vulnerability exists in the handling of user preferences stored in the database. Values persisted in user preferences were rendered without sufficient output encoding, allowing previously injected JavaScript to be executed when the affected preference is displayed in the browser within the security context of the user's session.

Fixed in: Znuny LTS 6.5.21 and Znuny 7.3.3