CVE Catalog
CVE-2025-52204
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk0.28%
20th percentile - higher than 20% of all known CVEs
Summary
A Cross-Site Scripting (XSS) vulnerability in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter allows an attacker to inject malicious scripts.
Risk Assessment
An attacker can steal user sessions, redirect users to malicious sites, or perform actions on their behalf, compromising system confidentiality and integrity.
Recommendation
Immediately update Znuny::ITSM to the latest patched version and validate/sanitize the OTRSCustomerInterface parameter.
Original NVD description (English source)
A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter

