Improper Neutralization of Input Leads to Cross-Site Scripting Vulnerability in OTRS
CVE-2024-43442
4.9 MEDIUM
Key Information:
- Vendor
- Otrs Ag
- Status
- Otrs
- ((otrs)) Community Edition
- CVE Published: 26 August 2024
Summary
A vulnerability exists in OTRS and its Community Edition due to improper neutralization of input. An attacker with administrative privileges can exploit it to carry out Cross-Site Scripting (XSS) attacks within the system configuration, posing risks to other administrative users. Affected versions encompass several releases from 7.0 to the latest, highlighting the urgent need for patching and security measures to mitigate potential exploitation.
Affected Version(s)
((OTRS)) Community Edition 6.0.x
OTRS 7.0.x <= 7.0.50
OTRS 8.0.x
CVSS V3.1
Score: 4.9
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Special thanks to Marek Holka for reporting this vulnerability.