CVE-2021-21441: XSS
First published: Wed Jun 16 2021(Updated: )
There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions.
Credit: security@otrs.com security@otrs.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Otrs Otrs | >=6.0.1 | |
| Otrs Otrs | >=7.0.0<=7.0.26 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this XSS vulnerability?
The vulnerability ID for this XSS vulnerability is CVE-2021-21441.
What is the severity of CVE-2021-21441?
The severity of CVE-2021-21441 is high (7.5).
Which software is affected by CVE-2021-21441?
CVE-2021-21441 affects OTRS versions 6.0.1 and later, and versions 7.0.0 to 7.0.26.
How can an attacker exploit CVE-2021-21441?
An attacker can exploit CVE-2021-21441 by sending a specially crafted email to the system, which can then collect various information by displaying the email in the ticket overview screens.
Are there any fixes or patches available for CVE-2021-21441?
Yes, patches and updates are available for fixing CVE-2021-21441. Please refer to the official OTRS website for the latest information and security advisory.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-api
- collector/nvd-index
- vendor/otrs
- canonical/otrs otrs
- version/otrs otrs/6.0.1
- version/otrs otrs/7.0.0
- version/otrs otrs/7.0.26