Описание
OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be exectued in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
EPSS
3.8 Low
CVSS3
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
Связанные уязвимости
OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be exectued in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions.
OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be exectued in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions.
EPSS
3.8 Low
CVSS3
4.8 Medium
CVSS3
3.5 Low
CVSS2