CVE-2018-19141

Опубликовано: 11 нояб. 2018

Источник: debian

Описание

Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
otrs2	fixed	6.0.1-1		package
otrs2	ignored		stretch	package

Примечания

https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/
Only the 4.x and 5.x series are affected (and possibly earlier versions).
Add workaround and mark first 6.x version as fixing version

Связанные уязвимости

CVE-2018-19141

CVSS3: 4.8

ubuntu

около 7 лет назад

Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled.

CVE-2018-19141

CVSS3: 4.8

nvd

около 7 лет назад

Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled.

GHSA-5j7r-jxpc-qhpw

CVSS3: 4.8

github

больше 3 лет назад

Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled.

openSUSE-SU-2018:4046-1

suse-cvrf

около 7 лет назад

Security update for otrs