CVE-2025-52204 - Vulnerability Analysis
Medium
CVSS: 6.1
Last Updated: March 24, 2026
Znuny ITSM - Stored XSS
Published: March 23, 2026
Updated: March 24, 2026
PoC Available
Remote Exploitable
Overview
Znuny ITSM 6.5.x contains a stored XSS vulnerability caused by improper sanitization of the OTRSCustomerInterface parameter in the customer.pl endpoint. It lets remote attackers execute scripts; exploitation requires crafted input.
Severity & Score
Severity: Medium
CVSS Score: 6.1
Impact
Remote attackers can execute arbitrary scripts in users' browsers, potentially stealing session data or performing actions on behalf of users.
Mitigation
Update to the latest version of Znuny ITSM.
Details
- CVE ID: CVE-2025-52204
- Severity: Medium
- CVSS Score: 6.1
- Type: stored_xss
- Status: unconfirmed
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N