What is the severity of CVE-2016-9139?

CVE-2016-9139 is classified as a medium severity vulnerability that allows for cross-site scripting (XSS) attacks.

How do I fix CVE-2016-9139?

To fix CVE-2016-9139, upgrade to OTRS versions 3.3.16, 4.0.19, or 5.0.14 or later.

Which versions are affected by CVE-2016-9139?

CVE-2016-9139 affects OTRS versions prior to 3.3.16, 4.0.19, and 5.0.14.

What type of vulnerability is CVE-2016-9139?

CVE-2016-9139 is a cross-site scripting (XSS) vulnerability that enables attackers to inject arbitrary web scripts or HTML.

Who can exploit CVE-2016-9139?

CVE-2016-9139 can be exploited by remote attackers who can inject malicious code via crafted attachments.

Vulnerability/
CVE-2016-9139

medium

6.1

CWE

16/2/2017

20/4/2025

CVE-2016-9139: XSS

First published: Thu Feb 16 2017(Updated: )

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment.

Credit: security@debian.org

Affected Software	Affected Version	How to fix
OTRS	=3.0.0-beta1
OTRS	=3.0.0-beta2
OTRS	=3.0.0-beta3
OTRS	=3.0.0-beta4
OTRS	=3.0.0-beta5
OTRS	=3.0.0-beta6
OTRS	=3.0.0-beta7
OTRS	=3.0.1
OTRS	=3.0.2
OTRS	=3.0.3
OTRS	=3.0.4
OTRS	=3.0.5
OTRS	=3.0.6
OTRS	=3.0.7
OTRS	=3.0.8
OTRS	=3.0.9
OTRS	=3.0.10
OTRS	=3.0.11
OTRS	=3.0.12
OTRS	=3.0.13
OTRS	=3.0.14
OTRS	=3.0.15
OTRS	=3.0.16
OTRS	=3.0.17
OTRS	=3.1.0
OTRS	=3.1.1
OTRS	=3.1.2
OTRS	=3.1.3
OTRS	=3.1.4
OTRS	=3.1.5
OTRS	=3.1.6
OTRS	=3.1.7
OTRS	=3.1.8
OTRS	=3.1.9
OTRS	=3.1.10
OTRS	=3.1.11
OTRS	=3.1.13
OTRS	=3.1.14
OTRS	=3.1.15
OTRS	=3.1.16
OTRS	=3.1.17
OTRS	=3.1.18
OTRS	=3.1.19
OTRS	=3.1.20
OTRS	=3.1.21
OTRS	=3.2.0
OTRS	=3.2.0-beta1
OTRS	=3.2.0-beta2
OTRS	=3.2.0-beta3
OTRS	=3.2.0-beta4
OTRS	=3.2.0-beta5
OTRS	=3.2.0-rc1
OTRS	=3.2.1
OTRS	=3.2.2
OTRS	=3.2.3
OTRS	=3.2.4
OTRS	=3.2.5
OTRS	=3.2.6
OTRS	=3.2.7
OTRS	=3.2.8
OTRS	=3.2.9
OTRS	=3.2.10
OTRS	=3.2.11
OTRS	=3.2.12
OTRS	=3.2.13
OTRS	=3.2.14
OTRS	=3.2.15
OTRS	=3.2.16
OTRS	=3.3.0
OTRS	=3.3.0-beta1
OTRS	=3.3.0-beta2
OTRS	=3.3.0-beta3
OTRS	=3.3.0-beta4
OTRS	=3.3.0-beta5
OTRS	=3.3.0-rc1
OTRS	=3.3.1
OTRS	=3.3.2
OTRS	=3.3.3
OTRS	=3.3.4
OTRS	=3.3.5
OTRS	=3.3.6
OTRS	=3.3.7
OTRS	=3.3.8
OTRS	=3.3.9
OTRS	=3.3.10
OTRS	=3.3.11
OTRS	=3.3.12
OTRS	=3.3.13
OTRS	=3.3.14
OTRS	=3.3.15
OTRS	=4.0.0-beta1
OTRS	=4.0.0-beta2
OTRS	=4.0.0-beta3
OTRS	=4.0.0-beta4
OTRS	=4.0.0-beta5
OTRS	=4.0.0-rc1
OTRS	=4.0.1
OTRS	=4.0.2
OTRS	=4.0.3
OTRS	=4.0.4
OTRS	=4.0.5
OTRS	=4.0.6
OTRS	=4.0.7
OTRS	=4.0.8
OTRS	=4.0.9
OTRS	=4.0.10
OTRS	=4.0.11
OTRS	=4.0.12
OTRS	=4.0.13
OTRS	=4.0.14
OTRS	=4.0.15
OTRS	=4.0.16
OTRS	=4.0.17
OTRS	=4.0.18
OTRS	=5.0.0-beta1
OTRS	=5.0.0-beta2
OTRS	=5.0.0-beta3
OTRS	=5.0.0-beta4
OTRS	=5.0.0-beta5
OTRS	=5.0.0-rc1
OTRS	=5.0.1
OTRS	=5.0.2
OTRS	=5.0.3
OTRS	=5.0.4
OTRS	=5.0.5
OTRS	=5.0.6
OTRS	=5.0.7
OTRS	=5.0.8
OTRS	=5.0.9
OTRS	=5.0.10
OTRS	=5.0.11
OTRS	=5.0.12
OTRS	=5.0.13
	=3.0.0-beta1
	=3.0.0-beta2
	=3.0.0-beta3
	=3.0.0-beta4
	=3.0.0-beta5
	=3.0.0-beta6
	=3.0.0-beta7
	=3.0.1
	=3.0.2
	=3.0.3
	=3.0.4
	=3.0.5
	=3.0.6
	=3.0.7
	=3.0.8
	=3.0.9
	=3.0.10
	=3.0.11
	=3.0.12
	=3.0.13
	=3.0.14
	=3.0.15
	=3.0.16
	=3.0.17
	=3.1.0
	=3.1.1
	=3.1.2
	=3.1.3
	=3.1.4
	=3.1.5
	=3.1.6
	=3.1.7
	=3.1.8
	=3.1.9
	=3.1.10
	=3.1.11
	=3.1.13
	=3.1.14
	=3.1.15
	=3.1.16
	=3.1.17
	=3.1.18
	=3.1.19
	=3.1.20
	=3.1.21
	=3.2.0
	=3.2.0-beta1
	=3.2.0-beta2
	=3.2.0-beta3
	=3.2.0-beta4
	=3.2.0-beta5
	=3.2.0-rc1
	=3.2.1
	=3.2.2
	=3.2.3
	=3.2.4
	=3.2.5
	=3.2.6
	=3.2.7
	=3.2.8
	=3.2.9
	=3.2.10
	=3.2.11
	=3.2.12
	=3.2.13
	=3.2.14
	=3.2.15
	=3.2.16
	=3.3.0
	=3.3.0-beta1
	=3.3.0-beta2
	=3.3.0-beta3
	=3.3.0-beta4
	=3.3.0-beta5
	=3.3.0-rc1
	=3.3.1
	=3.3.2
	=3.3.3
	=3.3.4
	=3.3.5
	=3.3.6
	=3.3.7
	=3.3.8
	=3.3.9
	=3.3.10
	=3.3.11
	=3.3.12
	=3.3.13
	=3.3.14
	=3.3.15
	=4.0.0-beta1
	=4.0.0-beta2
	=4.0.0-beta3
	=4.0.0-beta4
	=4.0.0-beta5
	=4.0.0-rc1
	=4.0.1
	=4.0.2
	=4.0.3
	=4.0.4
	=4.0.5
	=4.0.6
	=4.0.7
	=4.0.8
	=4.0.9
	=4.0.10
	=4.0.11
	=4.0.12
	=4.0.13
	=4.0.14
	=4.0.15
	=4.0.16
	=4.0.17
	=4.0.18
	=5.0.0-beta1
	=5.0.0-beta2
	=5.0.0-beta3
	=5.0.0-beta4
	=5.0.0-beta5
	=5.0.0-rc1
	=5.0.1
	=5.0.2
	=5.0.3
	=5.0.4
	=5.0.5
	=5.0.6
	=5.0.7
	=5.0.8
	=5.0.9
	=5.0.10
	=5.0.11
	=5.0.12
	=5.0.13

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-9139?
CVE-2016-9139 is classified as a medium severity vulnerability that allows for cross-site scripting (XSS) attacks.
How do I fix CVE-2016-9139?
To fix CVE-2016-9139, upgrade to OTRS versions 3.3.16, 4.0.19, or 5.0.14 or later.
Which versions are affected by CVE-2016-9139?
CVE-2016-9139 affects OTRS versions prior to 3.3.16, 4.0.19, and 5.0.14.
What type of vulnerability is CVE-2016-9139?
CVE-2016-9139 is a cross-site scripting (XSS) vulnerability that enables attackers to inject arbitrary web scripts or HTML.
Who can exploit CVE-2016-9139?
CVE-2016-9139 can be exploited by remote attackers who can inject malicious code via crafted attachments.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/severity
agent/first-publish-date
agent/description
collector/nvd-index
agent/software-canonical-lookup-request
agent/weakness
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
agent/event
vendor/otrs
canonical/otrs
version/otrs/3.0.0-beta1
version/otrs/3.0.0-beta2
version/otrs/3.0.0-beta3
version/otrs/3.0.0-beta4
version/otrs/3.0.0-beta5
version/otrs/3.0.0-beta6
version/otrs/3.0.0-beta7
version/otrs/3.0.1
version/otrs/3.0.2
version/otrs/3.0.3
version/otrs/3.0.4
version/otrs/3.0.5
version/otrs/3.0.6
version/otrs/3.0.7
version/otrs/3.0.8
version/otrs/3.0.9
version/otrs/3.0.10
version/otrs/3.0.11
version/otrs/3.0.12
version/otrs/3.0.13
version/otrs/3.0.14
version/otrs/3.0.15
version/otrs/3.0.16
version/otrs/3.0.17
version/otrs/3.1.0
version/otrs/3.1.1
version/otrs/3.1.2
version/otrs/3.1.3
version/otrs/3.1.4
version/otrs/3.1.5
version/otrs/3.1.6
version/otrs/3.1.7
version/otrs/3.1.8
version/otrs/3.1.9
version/otrs/3.1.10
version/otrs/3.1.11
version/otrs/3.1.13
version/otrs/3.1.14
version/otrs/3.1.15
version/otrs/3.1.16
version/otrs/3.1.17
version/otrs/3.1.18
version/otrs/3.1.19
version/otrs/3.1.20
version/otrs/3.1.21
version/otrs/3.2.0
version/otrs/3.2.0-beta1
version/otrs/3.2.0-beta2
version/otrs/3.2.0-beta3
version/otrs/3.2.0-beta4
version/otrs/3.2.0-beta5
version/otrs/3.2.0-rc1
version/otrs/3.2.1
version/otrs/3.2.2
version/otrs/3.2.3
version/otrs/3.2.4
version/otrs/3.2.5
version/otrs/3.2.6
version/otrs/3.2.7
version/otrs/3.2.8
version/otrs/3.2.9
version/otrs/3.2.10
version/otrs/3.2.11
version/otrs/3.2.12
version/otrs/3.2.13
version/otrs/3.2.14
version/otrs/3.2.15
version/otrs/3.2.16
version/otrs/3.3.0
version/otrs/3.3.0-beta1
version/otrs/3.3.0-beta2
version/otrs/3.3.0-beta3
version/otrs/3.3.0-beta4
version/otrs/3.3.0-beta5
version/otrs/3.3.0-rc1
version/otrs/3.3.1
version/otrs/3.3.2
version/otrs/3.3.3
version/otrs/3.3.4
version/otrs/3.3.5
version/otrs/3.3.6
version/otrs/3.3.7
version/otrs/3.3.8
version/otrs/3.3.9
version/otrs/3.3.10
version/otrs/3.3.11
version/otrs/3.3.12
version/otrs/3.3.13
version/otrs/3.3.14
version/otrs/3.3.15
version/otrs/4.0.0-beta1
version/otrs/4.0.0-beta2
version/otrs/4.0.0-beta3
version/otrs/4.0.0-beta4
version/otrs/4.0.0-beta5
version/otrs/4.0.0-rc1
version/otrs/4.0.1
version/otrs/4.0.2
version/otrs/4.0.3
version/otrs/4.0.4
version/otrs/4.0.5
version/otrs/4.0.6
version/otrs/4.0.7
version/otrs/4.0.8
version/otrs/4.0.9
version/otrs/4.0.10
version/otrs/4.0.11
version/otrs/4.0.12
version/otrs/4.0.13
version/otrs/4.0.14
version/otrs/4.0.15
version/otrs/4.0.16
version/otrs/4.0.17
version/otrs/4.0.18
version/otrs/5.0.0-beta1
version/otrs/5.0.0-beta2
version/otrs/5.0.0-beta3
version/otrs/5.0.0-beta4
version/otrs/5.0.0-beta5
version/otrs/5.0.0-rc1
version/otrs/5.0.1
version/otrs/5.0.2
version/otrs/5.0.3
version/otrs/5.0.4
version/otrs/5.0.5
version/otrs/5.0.6
version/otrs/5.0.7
version/otrs/5.0.8
version/otrs/5.0.9
version/otrs/5.0.10
version/otrs/5.0.11
version/otrs/5.0.12
version/otrs/5.0.13