CVE-2026-50592
📛 CVE Title
CVE-2026-50592
Description
In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog (aka the communication log administration view).
Overview
- State
- PUBLISHED
- Assigner (CNA)
- mitre
- CVSS severity
- MEDIUM
- CVSS score
- 6.4 / 10
- CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N- Effective score
- 6.4 / 10 MEDIUM source: CNA overview
- CWE(s)
-
CWE-79 - Reserved
- 2026-06-05
- Published
- 2026-06-05 01:57 UTC
- Last updated
- 2026-06-05 02:22 UTC
- Source
- https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/50xxx/CVE-2026-50592.json
Affected products (1)
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Znuny | Znuny |
0 (affected),
7.0.0 (affected)
|
— |
Remediations (0)
No remediations stored yet — an automatic web search has been queued to a collection agent. Please wait while we search for remediations… this page reloads automatically when results arrive.
Vendor references (1)
References embedded in the original CVE record by the assigning CNA.
Web references (0)
DuckDuckGo results ranked by threat-intel / vendor advisory domains. Generated by the 🔎 Find references (web) button above — same flow as the Remediations search.
No web references attached yet.
AI Forensic Analysis
Only Available for Registered Users. Sign in to view.
Raw JSON
The full cvelistV5 record. Download as CVE-2026-50592.json.
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Znuny",
"vendor": "Znuny",
"versions": [
{
"lessThan": "6.5.21",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "7.3.3",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:znuny:znuny:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:znuny:znuny:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.3.3",
"versionStartIncluding": "7.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in \n\nAdminCommunicationLog (aka the communication log administration view)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T02:22:54.361Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.znuny.org/en/advisories/zsa-2026-10"
}
],
"x_generator": {
"engine": "CVE-Request-form 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-50592",
"datePublished": "2026-06-05T01:57:34.843Z",
"dateReserved": "2026-06-05T01:57:34.434Z",
"dateUpdated": "2026-06-05T02:22:54.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}