PT-2024-5943 · Otrs · Otrs

Marek Holka · Published 2024-08-26 · Updated 2024-08-26 · CVE-2024-43442

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions

OTRS versions 7.0.X through 7.0.50
OTRS version 8.0.X
OTRS version 2023.X
OTRS versions 2024.X through 2024.5.X
OTRS Community Edition version 6.0.x

Description

The issue exists due to improper neutralization of input, allowing an attacker with admin privileges to conduct a Cross-Site Scripting (XSS) attack within the System Configuration, targeting other admins. This can be exploited by an attacker to perform actions on behalf of other administrators.

Recommendations

For OTRS versions 7.0.X through 7.0.50, consider disabling the System Configuration modules to minimize the risk of exploitation until a patch is available.
For OTRS version 8.0.X, restrict access to the System Configuration to prevent potential XSS attacks.
For OTRS version 2023.X, avoid using the System Configuration modules until the issue is resolved.
For OTRS versions 2024.X through 2024.5.X, consider implementing additional security measures, such as input validation, to prevent XSS attacks.
For OTRS Community Edition version 6.0.x, restrict access to the System Configuration modules to minimize the risk of exploitation.
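As an added illustration of the "input validation" recommendation above (example code written for this page, not part of the advisory and not OTRS's own code), the Python below contrasts the weak pattern the description names, stored configuration values emitted raw into HTML for the next administrator who opens the page, with validate-on-write plus HTML output encoding on read. The setting keys, the plain-text allowlist and the helper names are constructed for the example and do not reflect OTRS's configuration schema.

```python
import html
import re

# Constructed sample settings in the spirit of a key -> value system
# configuration store. The keys are placeholders (not OTRS identifiers)
# and the second value is a deliberately hostile sample string.
SAMPLE_SETTINGS = {
    "Example::Frontend###Title": "Ticket overview",
    "Example::Frontend###Banner": '<img src=x onerror="alert(1)">',
}

# Allowlist for settings that are expected to hold plain text only.
# This is an assumed policy for the example, not OTRS's own schema.
PLAIN_TEXT_RE = re.compile(r"^[\w .,:;/()\-]*$")


def validate_plain_text(value: str) -> bool:
    """Input validation: accept only characters a plain-text label needs."""
    return bool(PLAIN_TEXT_RE.fullmatch(value))


def render_setting_unsafe(key: str, value: str) -> str:
    """The weak pattern: raw interpolation of stored values into HTML.

    Whatever one administrator stored is emitted as live markup in the
    browser of every other administrator who views the setting.
    """
    return f"<tr><td>{key}</td><td>{value}</td></tr>"


def render_setting_safe(key: str, value: str) -> str:
    """Output encoding: every stored value is HTML-escaped at render time,
    regardless of who stored it, so markup characters become inert text."""
    return f"<tr><td>{html.escape(key)}</td><td>{html.escape(value)}</td></tr>"


def save_setting(store: dict, key: str, value: str) -> bool:
    """Validate-on-write: reject values that fail the plain-text allowlist.

    Returns True if stored, False if rejected. Output encoding in
    render_setting_safe() is still applied on read, as defence in depth,
    because validation rules tend to loosen over time.
    """
    if not validate_plain_text(value):
        return False
    store[key] = value
    return True


def contains_unescaped_tag(fragment: str, tag: str = "img") -> bool:
    """Crude check for the demonstration: does the emitted HTML still
    contain a raw (unescaped) opening tag of the given name?"""
    return f"<{tag}" in fragment


if __name__ == "__main__":
    store = {}
    for key, value in SAMPLE_SETTINGS.items():
        accepted = save_setting(store, key, value)
        print(f"{key}: {'stored' if accepted else 'rejected by validation'}")
    # Show what each renderer would emit for the hostile sample value
    hostile = SAMPLE_SETTINGS["Example::Frontend###Banner"]
    print("unsafe :", render_setting_unsafe("Banner", hostile))
    print("safe   :", render_setting_safe("Banner", hostile))
```

Run stand-alone, the script shows the first sample value being stored, the hostile one rejected, and the escaped rendering of the hostile value containing only entity-encoded text; the point of keeping both layers is that a privileged user's input is still untrusted data once it reaches another user's browser.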

Fix

XSS

Weakness Enumeration

Related Identifiers: BDU:2024-06750, CVE-2024-43442

Affected Products: Otrs