Executive Summary

CVE-2025-52204 is a Reflected Cross-Site Scripting (XSS) and HTML Injection vulnerability in Znuny, specifically affecting the customer.pl endpoint.

The vulnerability allows unauthenticated remote attackers to inject arbitrary JavaScript or HTML via a parameter defined by the system configuration variable CustomerPanelSessionName, commonly known as OTRSCustomerInterface.

This means that an attacker can craft a malicious URL that, when visited by a user, causes the application to execute attacker-controlled scripts in the victim’s browser.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have several impacts including:

• Injection of arbitrary HTML or JavaScript into the HTTP response.
• Manipulation of the customer-facing login interface.
• Display of deceptive or phishing-style content to users.
• Redirecting users to attacker-controlled resources.
• Execution of malicious scripts in the victim’s browser within the context of the affected application.

The attack requires no authentication and can be performed remotely via crafted GET requests, making it easier for attackers to exploit.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring HTTP requests targeting the customer.pl endpoint, specifically looking for requests that include the OTRSCustomerInterface parameter with suspicious or crafted payloads.'}, {'type': 'paragraph', 'content': 'You can use network monitoring tools or web server logs to identify such requests. For example, using command-line tools like curl or wget to test the endpoint with a crafted payload can help verify if the vulnerability exists.'}, {'type': 'list_item', 'content': "Example curl command to test for reflected XSS: curl -v 'http://your-znuny-instance/otrs/customer.pl?OTRSCustomerInterface=<script>alert(1)</script>'"}, {'type': 'list_item', 'content': 'Check web server logs for GET requests to /otrs/customer.pl or /znuny/customer.pl containing suspicious script tags or unusual parameter values.'}, {'type': 'list_item', 'content': 'Use intrusion detection systems or web application firewalls (WAF) to alert on requests containing typical XSS payload patterns targeting the OTRSCustomerInterface parameter.'}] [2]

Useful 0 Not Useful 0

Mitigation Strategies

The primary and most effective mitigation is to upgrade Znuny to the fixed versions: Znuny LTS 6.5.19 or Znuny 7.3.1, where the vulnerability has been patched.

In addition to upgrading, you should review and restrict public exposure of the customer-facing interface to reduce the attack surface.

Monitor incoming requests targeting the customer.pl endpoint for suspicious activity and consider applying local configuration hardening, although this may not fully mitigate the issue without the vendor fix.

Useful 0 Not Useful 0