Changeflow GovPing Data Privacy & Cybersecurity Znuny Vulnerability Allows Remote Cross-Site Sc...
Priority review Notice Amended Final

Znuny Vulnerability Allows Remote Cross-Site Scripting Attack

Favicon for wid.cert-bund.de CERT-Bund Security Advisories
Published
Detected
Email

Summary

CERT-Bund has issued a security advisory regarding a vulnerability in Znuny, an open-source ticketing software. The vulnerability allows remote attackers to perform a Cross-Site Scripting (XSS) attack. Affected versions include Znuny LTS <6.5.19 and Znuny <7.3.1.

View original document View source feed page

What changed

CERT-Bund has released a security advisory (WID-SEC-2026-0826) detailing a critical vulnerability in the open-source ticketing software Znuny. The vulnerability, identified with a CVSS Base Score of 6.1, allows remote, anonymous attackers to exploit a flaw to conduct Cross-Site Scripting (XSS) attacks. This affects Znuny LTS versions prior to 6.5.19 and Znuny versions prior to 7.3.1, impacting Linux and UNIX operating systems.

Organizations using affected versions of Znuny must take immediate action to mitigate this risk. It is recommended to update to the patched versions (Znuny LTS >= 6.5.19 or Znuny >= 7.3.1) as soon as possible. Failure to do so could expose systems to unauthorized data access or manipulation through XSS attacks, potentially compromising sensitive ticket information and user credentials.

What to do next

  1. Update Znuny LTS to version 6.5.19 or later
  2. Update Znuny to version 7.3.1 or later
  3. Review system logs for signs of exploitation

Archived snapshot

Mar 24, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

[WID-SEC-2026-0826] Znuny: Schwachstelle ermöglicht Cross-Site Scripting CVSS Base Score 6.1 (mittel) CVSS Temporal Score 5.5 (mittel) Remoteangriff ja Datum 23.03.2026 Stand 24.03.2026 Mitigation ja

Betroffene Systeme

Betriebssystem

  • Linux
  • UNIX

Produktbeschreibung

Znuny ist eine Open Source Ticketing Software.

Produkte

23.03.2026
- Znuny Znuny LTS <6.5.19

  • Znuny Znuny <7.3.1

Angriff

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Znuny ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen. CVE Informationen Versionshistorie Feedback zum Advisory geben

Named provisions

Betroffene Systeme Angriff

Related changes

Favicon for wid.cert-bund.de Langflow Vulnerability Allows File Manipulation
Priority review Mar 26, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de Znuny Vulnerabilities - Remote Attack Possible
Priority review Mar 26, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de vllm vulnerability allows remote code execution
Priority review Mar 28, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity

Get daily alerts for CERT-Bund Security Advisories

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for wid.cert-bund.de
CERT-Bund Security Advisories wid.cert-bund.de/content/public/securityAdvisory/rss
Data Privacy & Cybersecurity

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from CERT-Bund.

What's AI-generated?

The plain-English summary, classification, and "what to do next" steps are AI-generated from the original text. Cite the source document, not the AI analysis.

Last updated

Press inquiries →

Classification

Agency
CERT-Bund
Published
March 23rd, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
WID-SEC-2026-0826

Who this affects

Applies to
Employers
Industry sector
5112 Software & Technology
Activity scope
IT Security Software Management
Geographic scope
Germany DE

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Software Vulnerabilities Data Security

Browse Categories

Agriculture & Food Safety 63 AI Regulation 3 Banking & Finance 292 Consumer Protection 44 Courts & Legal 360 Data Privacy & Cybersecurity 74 Defense & National Security 52 Education 20 Energy 101 Environment 85 Environmental Permits 1 Environmental Regulation 8 Government & Legislation 278 Healthcare 136 Housing 16 Immigration 9 Insurance 58 Labor & Employment 113 Legal 1 Legislative 1 Pharma & Drug Safety 104 Public Health 3 Securities & Markets 104 Securities Regulation 9 Tax 66 Telecom & Technology 47 Trade & Sanctions 124 Transportation 57

Get alerts for this source

We'll email you when CERT-Bund Security Advisories publishes new changes.

Optional. Personalizes your daily digest.

Free. Unsubscribe anytime.