PT-2019-11414 · Otrs+2

Published: 2019-05-21 · Updated: 2023-01-20 · CVE-2019-10067

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions:
Open Ticket Request System (OTRS) versions 7.x through 7.0.6
Open Ticket Request System (OTRS) Community Edition versions 5.0.x through 5.0.35
Open Ticket Request System (OTRS) Community Edition versions 6.0.x through 6.0.17

Description: An issue was discovered in Open Ticket Request System (OTRS) where an attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS.

Recommendations:
For versions 7.x through 7.0.6, update to a version outside of this range to mitigate the risk.
For Community Edition versions 5.0.x through 5.0.35, update to a version outside of this range to mitigate the risk.
For Community Edition versions 6.0.x through 6.0.17, update to a version outside of this range to mitigate the risk.
As a temporary workaround, consider restricting URL manipulation capabilities for agent users until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

ALT-PU-2019-3068
ALT-PU-2019-3183
CVE-2019-10067
OPENSUSE-SU-2020:0551-1
OPENSUSE-SU-2020:1475-1
OPENSUSE-SU-2020:1509-1
OPENSUSE-SU-2020_0551-1
OPENSUSE-SU-2020_1475-1

Affected Products

Alt Linux
Otrs
Suse