Описание
There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions.
Ссылки
- Release NotesVendor Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
7.5 High
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions.
There is a XSS vulnerability in the ticket overview screens. It's poss ...
There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions.
Уязвимость экрана обзора заявок системы запроса билетов OTRS, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю получить доступ к конфиденциальным данным
EPSS
7.5 High
CVSS3
4.3 Medium
CVSS2