Otrs · Otrs · CVE-2020-1771
**Name of the Vulnerable Software and Affected Versions**
OTRS Community Edition versions 6.0.26 and prior
OTRS versions 7.0.15 and prior
**Description**
The issue allows an attacker to craft an article with a link to the customer address book containing malicious JavaScript content. When an agent opens this link, the JavaScript code is executed due to missing parameter encoding.
**Recommendations**
For OTRS Community Edition versions 6.0.26 and prior, update to a version later than 6.0.26.
For OTRS versions 7.0.15 and prior, update to a version later than 7.0.15.