PT-2023-10709 · Otrs · Open Ticket Request System
Published 2023-04-15 · Updated 2023-04-26 · CVE-2018-17883
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Open Ticket Request System (OTRS) versions 6.0.x through 6.0.11
Description
An issue was discovered in Open Ticket Request System (OTRS) where an attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS.
Recommendations
For Open Ticket Request System (OTRS) versions 6.0.x through 6.0.11, update to version 6.0.12 or later to resolve the issue.
Fix
XSS
Affected Products
Open Ticket Request System