A vulnerability was found in Znuny up to 6.5.20/7.3.2 and classified as problematic . Affected is an unknown function of the component User Preferences Handler . The manipulation results in cross site scripting. This vulnerability is reported as CVE-2026-50591 . The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.