{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-52204", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-24T15:14:09.199Z", "dateReserved": "2025-06-16T00:00:00.000Z", "datePublished": "2026-03-23T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-23T19:38:46.254Z"}, "descriptions": [{"lang": "en", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://znuny.com"}, {"url": "http://znunyitsm.com"}, {"url": "https://github.com/j0qq3r/CVE-2025-52204"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "references": [{"url": "https://github.com/j0qq3r/CVE-2025-52204", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T15:00:50.883848Z", "id": "CVE-2025-52204", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T15:14:09.199Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-52204", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-24T15:14:09.199Z", "dateReserved": "2025-06-16T00:00:00.000Z", "datePublished": "2026-03-23T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-23T19:38:46.254Z"}, "descriptions": [{"lang": "en", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://znuny.com"}, {"url": "http://znunyitsm.com"}, {"url": "https://github.com/j0qq3r/CVE-2025-52204"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-52204", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-24T15:00:50.883848Z"}}}], "references": [{"url": "https://github.com/j0qq3r/CVE-2025-52204", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-24T15:01:13.680Z"}}]}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter"}, {"lang": "es", "value": "Una vulnerabilidad de cross-site scripting (XSS) existe en Znuny::ITSM 6.5.x en el endpoint customer.pl a trav\u00e9s del par\u00e1metro OTRSCustomerInterface"}], "id": "CVE-2025-52204", "lastModified": "2026-03-24T16:16:26.370", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-23T20:16:23.263", "references": [{"source": "cve@mitre.org", "url": "http://znuny.com"}, {"source": "cve@mitre.org", "url": "http://znunyitsm.com"}, {"source": "cve@mitre.org", "url": "https://github.com/j0qq3r/CVE-2025-52204"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/j0qq3r/CVE-2025-52204"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[6.5.0,6.6.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "znuny", "vendor": "znuny"}], "analysis": {"en": {"generated_at": "2026-03-24T17:25:41.546304+00:00", "value": {"mitigation_remediation": ["Apply a vendor provided patch or upgrade to a newer version once available", "If no patch is available, escape or encode the OTRSCustomerInterface parameter before rendering the page or disable the parameter entirely", "Restrict access to the customer.pl endpoint to known IP ranges or authenticated users when possible", "Monitor application logs for anomalous input or repeated XSS attempt patterns"], "summary": {"action": "Apply Patch", "impact": "Cross\u2011Site Scripting (script injection)"}, "threat_synthesis": {"affected_systems": "The affected product is Znuny::ITSM 6.5.x, as noted in the advisory. No earlier or later version information is available, so all releases within the 6.5.x series should be treated as vulnerable until an update is released by the developers.", "description_and_impact": "A cross\u2011site scripting vulnerability is present in Znuny::ITSM 6.5.x within the customer.pl endpoint when the OTRSCustomerInterface parameter is used. The flaw allows an attacker to embed malicious JavaScript into the page without proper input sanitization. If executed in a victim's browser, the script could read cookies, hijack sessions, or perform actions on behalf of the user, thereby compromising confidentiality and integrity of user accounts and potentially allowing further attacks.", "risk_and_exploitability": "The vulnerability scores CVSS 6.1 with an EPSS of less than 1%, indicating low current exploitation probability. It is not listed in the CISA KEV catalog. Because the flaw is accessed via HTTP requests to the customer.pl page, any user with web access could attempt exploitation. While the current threat level is moderate, administrators should patch or apply mitigations promptly."}}}}, "created": "2026-03-24T10:34:57.593171+00:00", "title": "Cross\u2011Site Scripting in Znuny::ITSM 6.5.x Customer Interface", "updated": "2026-03-25T14:50:05.295058+00:00", "vendors": ["znuny", "znuny$PRODUCT$znuny"]}