PT-2022-13198 · Otrs Ag · Otrs

Published

2022-02-07

Updated

2022-02-14

CVE-2022-0473

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions OTRS AG OTRS versions 7.0.31 and prior versions.

Description The issue allows OTRS administrators to configure a dynamic field and inject malicious JavaScript code into the error message of the regular expression check. When used in the agent interface, this could lead to the execution of malicious code in the browser.

Recommendations For OTRS AG OTRS versions 7.0.31 and prior versions, consider disabling the dynamic field configuration in the agent interface until a patch is available to prevent the injection of malicious JavaScript code. Restrict access to the agent interface to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-0473

Affected Products

Otrs

PT-2022-13198 · Otrs Ag · Otrs

CVE-2022-0473

Weakness Enumeration

Related Identifiers

Affected Products

References · 4