Jonas Becker

**Name of the Vulnerable Software and Affected Versions** OTRS Community Edition versions 5.0.0 through 5.0.39 OTRS Community Edition versions 6.0.0 through 6.0.24 OTRS Community Edition versions 7.0.0 through 7.0.13 **Description** The issue allows for the spoofing of the 'from' fields in several screens, including AgentTicketCompose, AgentTicketForward, AgentTicketBounce, and AgentTicketEmailOutbound, due to improper control of parameters. **Recommendations** For versions 5.0.0 through 5.0.39, update to a version newer than 5.0.39 to resolve the issue. For versions 6.0.0 through 6.0.24, update to a version newer than 6.0.24 to resolve the issue. For versions 7.0.0 through 7.0.13, update to a version newer than 7.0.13 to resolve the issue.