PT-2023-16838 · Otrs Ag+1 · Otrs Community Edition+2

Publicado

2021-09-29

·

Atualizado

2024-08-06

·

CVE-2023-1248

CVSS v3.1

6.1

Média

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions OTRS versions 7.0.X through 7.0.41 OTRS Community Edition versions 6.0.1 through 6.0.34
Description The issue is related to an Improper Input Validation vulnerability in the Ticket Actions modules of OTRS AG OTRS and OTRS AG OTRS Community Edition, allowing Cross-Site Scripting (XSS).
Recommendations For OTRS versions 7.0.X through 7.0.41, update to version 7.0.42 or later. For OTRS Community Edition versions 6.0.1 through 6.0.34, update to version 6.0.35 or later. As a temporary workaround, consider disabling the Ticket Actions modules until a patch is available. Restrict access to the vulnerable modules to minimize the risk of exploitation.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

ALT-PU-2021-2917
ALT-PU-2021-3039
ALT-PU-2021-3058
ALT-PU-2024-10583
CVE-2023-1248

Produtos afetados

Alt Linux
Otrs
Otrs Community Edition