PT-2026-45265 · Unknown · Otrs Community Edition

William Bastos · Published 2026-06-01 · Updated 2026-06-01 · CVE-2026-48209

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions

OTRS Community Edition versions 6.x and earlier
OTRS Community Edition versions 7.0.x

Description

Improper neutralization of user-controllable input in ticket handling allows authenticated attackers to perform reflected cross-site scripting (XSS), a technique in which malicious scripts are injected into a trusted website and reflected back to the user. By injecting malicious JavaScript into request URLs through crafted request parameters associated with ticket actions, attackers can execute arbitrary script code within the context of an authenticated agent session when the crafted link is opened.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Encoding or Escaping of Output

XSS

Weakness Enumeration

Related Identifiers: CVE-2026-48209

Affected Products: Otrs Community Edition