First published: Mon Feb 07 2022
Credit: security@otrs.com
Affected Software | Affected Version | How to fix |
---|---|---|
Otrs Otrs | >=7.0.0 <7.0.32 | |
The vulnerability ID is CVE-2022-0473.
The title of the vulnerability is 'OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check.'
The severity of CVE-2022-0473 is medium with a severity value of 4.8.
CVE-2022-0473 affects OTRS 7.0.x: version 7.0.31 and prior versions.
The vulnerability can be exploited by an OTRS administrator who configures a dynamic field and injects malicious JavaScript code into the error message of the regular expression check; that code can then execute in the browser.
To fix CVE-2022-0473, update OTRS to version 7.0.32 or above.