OTRS · OTRS Community Edition · CVE-2020-1766
**Name of the Vulnerable Software and Affected Versions**
OTRS Community Edition versions 5.0.39 and prior versions
OTRS Community Edition versions 6.0.24 and prior versions
OTRS Community Edition versions 7.0.13 and prior versions
**Description**
The issue arises from improper handling of uploaded images, which allows malicious JavaScript to be executed under rare conditions. This occurs when a specially crafted SVG file is rendered as an inline JPG file, potentially forcing the agent's browser to execute the malicious code.
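The condition described above, an attachment declared as a raster image whose bytes are actually SVG markup, can be looked for in stored or incoming attachments. The sketch below is an added example, not OTRS code and not the vendor's fix; the function name, the signature table and the sample bytes are constructed for illustration.

```python
import re

# Magic-byte signatures for raster types that may legitimately be shown inline.
RASTER_MAGIC = {
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}
# Markup indicating an SVG/XML document rather than raster data.
SVG_HINT = re.compile(rb"<\s*svg[\s>]|<\?xml|<!DOCTYPE\s+svg", re.IGNORECASE)


def check_inline_image(declared_type: str, data: bytes) -> str:
    """Classify an attachment (hypothetical helper).

    Returns 'ok', 'svg-as-raster', 'mismatch' or 'unsupported'.
    """
    # Drop MIME parameters such as "; name=photo.jpg" before the lookup.
    declared = declared_type.split(";")[0].strip().lower()
    magics = RASTER_MAGIC.get(declared)
    if magics is None:
        return "unsupported"  # not a raster type this check allows inline
    if any(data.startswith(m) for m in magics):
        return "ok"
    # Skip a UTF-8 BOM and leading whitespace, then look for SVG markup.
    head = data[:4096].lstrip(b"\xef\xbb\xbf \t\r\n")
    if SVG_HINT.search(head):
        return "svg-as-raster"  # the case this advisory describes
    return "mismatch"


# Constructed sample inputs (not taken from the advisory).
JPEG_SAMPLE = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
SVG_SAMPLE = (
    b'<?xml version="1.0"?>\n'
    b'<svg xmlns="http://www.w3.org/2000/svg">'
    b"<script>/* constructed placeholder */</script></svg>"
)

if __name__ == "__main__":
    for ctype, body in [
        ("image/jpeg", JPEG_SAMPLE),
        ("image/jpeg; name=photo.jpg", SVG_SAMPLE),
        ("image/png", JPEG_SAMPLE),
    ]:
        print(ctype, "->", check_inline_image(ctype, body))
```

A check like this complements the upgrade; it does not replace it.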
**Recommendations**
For OTRS Community Edition versions 5.0.39 and prior versions, update to a version later than 5.0.39 to resolve the issue.
For OTRS Community Edition versions 6.0.24 and prior versions, update to a version later than 6.0.24 to resolve the issue.
For OTRS Community Edition versions 7.0.13 and prior versions, update to a version later than 7.0.13 to resolve the issue.