CVE-2023-38057

Опубликовано: 24 июл. 2023

Источник: ubuntu

Приоритет: medium

CVSS3: 4.1

Описание

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects OTRS Survey module from 7.0.X before 7.0.32, from 8.0.X before 8.0.13 and ((OTRS)) Community Edition Survey module from 6.0.X through 6.0.22.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	DNE
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/xenial	needs-triage
focal	ignored	end of standard support, was needs-triage
jammy	needs-triage
lunar	DNE
mantic	DNE

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support
devel	needs-triage
esm-apps/noble	needs-triage
esm-infra/focal	DNE
focal	DNE
jammy	DNE
lunar	ignored	end of life, was needs-triage
mantic	ignored	end of life, was needs-triage
noble	needs-triage
oracular	ignored	end of life, was needs-triage

Показывать по

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2023-38057

4.1 Medium

CVSS3

Связанные уязвимости

CVE-2023-38057

CVSS3: 4.1

nvd

больше 2 лет назад

GHSA-48q8-4r5f-p5pf

CVSS3: 4.1

github

больше 2 лет назад

4.1 Medium

CVSS3

CVE-2023-38057

Описание

Пакет otrs2

Пакет znuny

Ссылки на источники

Связанные уязвимости