{"id":"CVE-2024-48937","details":"Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed.","modified":"2026-03-14T08:45:16.707599Z","published":"2024-10-11T21:15:07.307Z","references":[{"type":"WEB","url":"https://www.znuny.com"},{"type":"ADVISORY","url":"https://www.znuny.org/en/advisories"},{"type":"ADVISORY","url":"https://www.znuny.org/en/advisories/zsa-2024-05"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"6.0.0"},{"fixed":"6.1.0"}]},{"events":[{"introduced":"6.5.1"},{"last_affected":"6.5.10"}]},{"events":[{"introduced":"7.0.1"},{"last_affected":"7.0.16"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-48937.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}