Marcelo Makoto

**Name of the Vulnerable Software and Affected Versions** OTRS Survey module versions 7.0.X through 7.0.31 OTRS Survey module versions 8.0.X through 8.0.12 OTRS Community Edition Survey module versions 6.0.X through 6.0.22 **Description** An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. **Recommendations** For OTRS Survey module versions 7.0.X through 7.0.31, update to version 7.0.32 or later. For OTRS Survey module versions 8.0.X through 8.0.12, update to version 8.0.13 or later. For OTRS Community Edition Survey module versions 6.0.X through 6.0.22, update to a version later than 6.0.22. As a temporary workaround, consider restricting access to the survey module until a patch is available.