PT-2019-19844 · Otrs+2 · Otrs+2

Published

2019-03-13

·

Updated

2022-05-03

·

CVE-2019-9752

CVSS v3.1

5.4

Medium

VectorAV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Open Ticket Request System (OTRS) versions 5.x through 5.0.33 Open Ticket Request System (OTRS) versions 6.x through 6.0.15 Open Ticket Request System (OTRS) versions 7.x through 7.0.3
Description An issue was discovered in Open Ticket Request System (OTRS) where an attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm.
Recommendations For versions 5.x through 5.0.33, update to version 5.0.34 or later. For versions 6.x through 6.0.15, update to version 6.0.16 or later. For versions 7.x through 7.0.3, update to version 7.0.4 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALT-PU-2019-3068
ALT-PU-2019-3183
CVE-2019-9752
DLA-1721-1
OPENSUSE-SU-2020:0551-1
OPENSUSE-SU-2020:1475-1
OPENSUSE-SU-2020:1509-1
OPENSUSE-SU-2020_0551-1
OPENSUSE-SU-2020_1475-1

Affected Products

Alt Linux
Otrs
Suse