First published: Wed Mar 13 2019(Updated: )
An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Otrs Otrs | >=6.0.0<6.0.17 | |
Otrs Otrs | >=7.0.0<7.0.5 | |
>=6.0.0<6.0.17 | ||
>=7.0.0<7.0.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.