Improper Neutralization of Input Leads to Cross-Site Scripting Vulnerability in OTRS

CVE-2024-43442

4.9MEDIUM

Key Information

Vendor: Otrs Ag
Status: Otrs; ((otrs)) Community Edition
Vendor: CVE Published:; 26 August 2024

Summary

Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in OTRS (System Configuration modules) and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the System Configuration targeting other admins. This issue affects: * OTRS from 7.0.X through 7.0.50 * OTRS 8.0.X * OTRS 2023.X * OTRS from 2024.X through 2024.5.X * ((OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected

Affected Version(s)

OTRS <= 7.0.50

OTRS = 8.0.x

OTRS = 2023.x

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Aug 26, 2024
Vulnerability Reserved.
Aug 13, 2024

Collectors

NVD DatabaseMitre Database

Credit

Special thanks to Marek Holka for reporting these vulnerability.