PT-2023-10709 · Otrs · Open Ticket Request System

Publicado

2023-04-15

Atualizado

2023-04-26

CVE-2018-17883

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Open Ticket Request System (OTRS) versions 6.0.x through 6.0.11

Description An issue was discovered in Open Ticket Request System (OTRS) where an attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS.

Recommendations For Open Ticket Request System (OTRS) versions 6.0.x through 6.0.11, update to version 6.0.12 or later to resolve the issue.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2018-17883

Produtos afetados

Open Ticket Request System

PT-2023-10709 · Otrs · Open Ticket Request System

CVE-2018-17883

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11