Description
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer's browser in the context of the OTRS customer panel application.
| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| cosmic | not-affected | 6.0.11-1 |
| devel | DNE | |
| disco | not-affected | |
| eoan | not-affected | |
| esm-apps/bionic | needed | |
| esm-apps/focal | not-affected | |
| esm-apps/jammy | not-affected | |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | DNE | |
EPSS
CVSS2: 4.9 Medium
CVSS3: 4.6 Medium