Sprache wechseln auf deutsch
Znuny Professional Services

The ((OTRS)) Community Edition Fork with long-term Support (LTS)

Overview

ZSA-2026-12

Date
2026-06-24
Affected
All versions of Znuny LTS from 6.5.1 up to including 6.5.21.
All versions of Znuny 6.0, 6.1, 6.2, 6.3, 6.4.
Severity
medium
CVE
Not requested

A Cross-Site Scripting (XSS) vulnerability exists in the AgentTicketEmailResend template due to missing HTML output filters. User-controlled data was rendered without proper HTML encoding, potentially allowing attackers with access to the agent interface to inject and execute arbitrary HTML or JavaScript in the context of another user's browser session.

Fixed in: Znuny LTS 6.5.22