Описание
Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.
Ссылки
- Broken Link
- Broken Link
- Broken Link
- Mailing ListNot ApplicableThird Party Advisory
- PatchVendor Advisory
- Broken Link
- Broken Link
- Broken Link
- Mailing ListNot ApplicableThird Party Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
2 Low
CVSS3
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.
Due to improper handling of uploaded images it is possible in very unl ...
Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.
EPSS
2 Low
CVSS3
6.1 Medium
CVSS3
4.3 Medium
CVSS2