CVE-2018-17883: XSS
First published: Sun Apr 16 2023(Updated: )
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Otrs Otrs | >=6.0.0<6.0.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of the OTRS vulnerability?
The vulnerability ID of the OTRS vulnerability is CVE-2018-17883.
What is the severity of CVE-2018-17883?
The severity of CVE-2018-17883 is medium with a CVSS score of 6.1.
How does CVE-2018-17883 affect Open Ticket Request System (OTRS)?
CVE-2018-17883 affects OTRS versions 6.0.x before 6.0.12.
What can an attacker do with CVE-2018-17883?
An attacker could send a malicious email link to an OTRS system or an agent, which could cause the execution of JavaScript in the context of OTRS if a logged-in agent opens the link.
How can I fix CVE-2018-17883?
To fix CVE-2018-17883, update your OTRS installation to version 6.0.12 or newer.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/otrs
- canonical/otrs otrs
- version/otrs otrs/6.0.0