CVE-2026-50591 PUBLISHED

Assigner: mitre
Reserved: 05.06.2026 Published: 05.06.2026 Updated: 05.06.2026

In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences.

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS Score: 5.4

CVSS 3.1

Vendor	Znuny
Product	Znuny
Versions	Default: unknown affected from 6.0.0 to 6.5.21 (excl.) affected from 7.0.0 to 7.3.3 (excl.)

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') CWE