PT-2024-5941 · Otrs Ag · Otrs Community Edition+1

Marek Holka · Published 2024-08-26 · Updated 2024-08-26 · CVE-2024-43443

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

OTRS versions 7.0.X through 7.0.50
OTRS version 8.0.X
OTRS version 2023.X
OTRS versions 2024.X through 2024.5.X
((OTRS)) Community Edition version 6.0.x

Description

The issue is related to improper neutralization of input, allowing an attacker with admin privileges to perform Cross-Site Scripting (XSS) within the Process Management module, targeting other admins. This can lead to unauthorized access and data theft. Products based on the ((OTRS)) Community Edition are also likely to be affected.

Recommendations

For OTRS versions 7.0.X through 7.0.50, update to a version outside of this range to resolve the issue.
For OTRS version 8.0.X, update to a version outside of this range to resolve the issue.
For OTRS version 2023.X, update to a version outside of this range to resolve the issue.
For OTRS versions 2024.X through 2024.5.X, update to a version outside of this range to resolve the issue.
For ((OTRS)) Community Edition version 6.0.x, update to a version outside of this range to resolve the issue.

As a temporary workaround, consider restricting access to the Process Management module to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-06748
CVE-2024-43443

Affected Products

Otrs
Otrs Community Edition