PT-2020-15043 · OTRS · OTRS Community Edition
Author: Anton Astaf'ev
Published: 2020-01-10 · Updated: 2023-08-31
CVE-2020-1766
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
OTRS Community Edition versions 5.0.39 and prior versions
OTRS Community Edition versions 6.0.24 and prior versions
OTRS Community Edition versions 7.0.13 and prior versions
Description
The issue arises from improper handling of uploaded images: a specially crafted SVG file can be rendered inline as if it were a JPEG, so that in rare conditions the agent's browser executes JavaScript embedded in the file.
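The defensive pattern behind this class of bug is to decide how an upload is served from its actual bytes, not from the MIME type the uploader declared, and to force anything that is not a raster image (SVG in particular, since it is XML and can carry script) to download rather than render inline. The following is an added example written for this advisory; it is not OTRS code and makes no claim about how OTRS implements its fix. The function names, the sample inputs and the header policy are all assumptions constructed for illustration.

```python
"""Added example (not OTRS code): classify an uploaded "image" by content sniffing
and build response headers that never render SVG/XML inline as a raster image."""
from typing import Dict, Optional, Tuple

# Leading bytes of the raster formats we are willing to render inline.
JPEG_MAGIC = b"\xff\xd8\xff"
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
GIF_MAGICS = (b"GIF87a", b"GIF89a")
SAFE_INLINE_TYPES = {"image/jpeg", "image/png", "image/gif"}


def sniff_image_type(data: bytes) -> Optional[str]:
    """Return the real media type of the upload based on its content.

    Any XML document (including SVG) is reported as image/svg+xml because it is
    scriptable and must be treated as such regardless of the declared type.
    """
    if data.startswith(JPEG_MAGIC):
        return "image/jpeg"
    if data.startswith(PNG_MAGIC):
        return "image/png"
    if data.startswith(GIF_MAGICS):
        return "image/gif"
    # Look past a BOM / leading whitespace for an XML prolog or an <svg> root.
    head = data[:1024].lstrip(b"\xef\xbb\xbf \t\r\n")
    if head.startswith(b"<?xml") or head.lower().startswith(b"<svg"):
        return "image/svg+xml"
    return None


def classify_upload(declared_type: str, data: bytes) -> Tuple[bool, str]:
    """Decide whether an upload may be rendered inline as an image.

    Returns (allowed_inline, detail). On success detail is the sniffed type;
    on refusal it explains why, which is useful for logging and alerting.
    """
    actual = sniff_image_type(data)
    if actual is None:
        return False, "unrecognised content"
    if actual == "image/svg+xml":
        return False, "SVG/XML content may carry script; never render inline"
    if actual != declared_type.lower():
        return False, f"declared {declared_type} but content is {actual}"
    return True, actual


def response_headers(declared_type: str, data: bytes, filename: str) -> Dict[str, str]:
    """Build the headers for serving an attachment.

    Safe raster images are served inline with their sniffed type; anything else
    is forced to download as an opaque blob. nosniff stops the browser from
    second-guessing the type, and the CSP sandbox contains the response even if
    a user navigates to it directly.
    """
    allowed, detail = classify_upload(declared_type, data)
    safe_name = filename.replace('"', "").replace("\r", "").replace("\n", "")
    headers = {
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }
    if allowed:
        headers["Content-Type"] = detail
        headers["Content-Disposition"] = f'inline; filename="{safe_name}"'
    else:
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = f'attachment; filename="{safe_name}"'
    return headers


# Constructed sample inputs (not real files): a minimal JPEG header and a
# benign SVG document, both uploaded with a declared type of image/jpeg.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16
SAMPLE_SVG = (b'<?xml version="1.0"?>\n'
              b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>')

if __name__ == "__main__":
    for name, blob in (("photo.jpg", SAMPLE_JPEG), ("photo.jpg", SAMPLE_SVG)):
        print(name, classify_upload("image/jpeg", blob), response_headers("image/jpeg", blob, name))
```

Run as a script it prints the verdict and headers for both samples: the JPEG is served inline as image/jpeg, while the SVG that claims to be a JPEG is refused and sent as an attachment. In a real deployment the refusal detail is worth logging, since a mismatch between declared and sniffed type on an agent-facing attachment is a signal rather than an accident.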
Recommendations
For OTRS Community Edition versions 5.0.39 and prior versions, update to a version later than 5.0.39 to resolve the issue.
For OTRS Community Edition versions 6.0.24 and prior versions, update to a version later than 6.0.24 to resolve the issue.
For OTRS Community Edition versions 7.0.13 and prior versions, update to a version later than 7.0.13 to resolve the issue.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
ALT Linux
OTRS Community Edition
SUSE