PT-2022-13200 · Otrs Ag · Otrs

Balázs Úr · Published 2022-03-21 · Updated 2022-03-28 · CVE-2022-0475

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

OTRS AG OTRS versions 7.0.0 through 7.0.32
OTRS AG OTRS versions 8.0.0 through 8.0.19

Description

A malicious translator can inject JavaScript code into translatable strings where HTML is allowed. This code can be executed in the Package manager.

Recommendations

For OTRS AG OTRS versions 7.0.0 through 7.0.32, update to a version later than 7.0.32 to resolve the issue.
For OTRS AG OTRS versions 8.0.0 through 8.0.19, update to a version later than 8.0.19 to resolve the issue.
As a temporary workaround, consider restricting the ability to inject JavaScript code into translatable strings until a patch is available.

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2022-0475

Affected Products

Otrs