Sprache wechseln auf deutsch
Znuny Professional Services

The ((OTRS)) Community Edition Fork with long-term Support (LTS)

Overview

ZSA-2026-01

Date
2026-03-25
Affected
All versions of Znuny LTS from 6.5.1 up to including 6.5.18.
All versions of Znuny from 7.2.1 up to including 7.2.3.
All versions of Znuny 6.0, 6.1, 6.2, 6.3, 6.4, 7.0, and 7.1.
Severity
medium
CVE
CVE-2025-52204

A Reflected Cross-Site Scripting (XSS) and HTML Injection vulnerability exists in Znuny, allowing attackers to inject arbitrary JavaScript or HTML via the parameter defined by the system configuration CustomerPanelSessionName in the customer.pl endpoint.

Fixed in: Znuny LTS 6.5.19 and Znuny 7.3.1

Thank you to Miguel Ponce for reporting.