CVE-2021-36092: XSS
First published: Mon Jul 26 2021(Updated: )
It's possible to create an email which contains specially crafted link and it can be used to perform XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition:6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.
Credit: security@otrs.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Otrs Otrs | >=6.0.0<=6.0.32 | |
| Otrs Otrs | >=7.0.0<7.0.28 | |
| Otrs Otrs | >=8.0.0<8.0.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-36092?
CVE-2021-36092 is a vulnerability that allows an attacker to create an email with a specially crafted link that can be used to perform a cross-site scripting (XSS) attack.
Which software versions are affected by CVE-2021-36092?
OTRS AG ((OTRS)) Community Edition 6.0.1 and later versions, OTRS AG OTRS 7.0.27 and prior versions, and OTRS AG OTRS 8.0.14 and prior versions are affected by CVE-2021-36092.
What is the severity of CVE-2021-36092?
CVE-2021-36092 has a severity rating of medium (6.1).
How can an attacker exploit CVE-2021-36092?
An attacker can exploit CVE-2021-36092 by sending an email containing a specially crafted link, which, when clicked, executes arbitrary script code in the victim's browser.
Is there a fix available for CVE-2021-36092?
Yes, a fix for CVE-2021-36092 is available. It is recommended to update to OTRS AG ((OTRS)) Community Edition 6.0.32 or later versions, OTRS AG OTRS 7.0.28 or later versions, or OTRS AG OTRS 8.0.15 or later versions to mitigate the vulnerability.
- collector/nvd-index
- vendor/otrs
- canonical/otrs otrs
- version/otrs otrs/6.0.0
- version/otrs otrs/6.0.32
- version/otrs otrs/7.0.0
- version/otrs otrs/8.0.0