CVE Catalog

CVE-2025-52204

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile - higher than 20% of all known CVEs

Summary

A Cross-Site Scripting (XSS) vulnerability in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter allows an attacker to inject malicious scripts.

Risk Assessment

An attacker can steal user sessions, redirect users to malicious sites, or perform actions on their behalf, compromising system confidentiality and integrity.

Recommendation

Immediately update Znuny::ITSM to the latest patched version and validate/sanitize the OTRSCustomerInterface parameter.

Original NVD description (English source)

A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter

Vulnerability data from NVD (NIST) · CISA KEV · EPSS