CVE-2023-1248: Possible XSS in Ticket Actions
First published: Mon Mar 20 2023(Updated: )
Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS).This issue affects OTRS: from 7.0.X before 7.0.42; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
Credit: security@otrs.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Otrs Otrs | >=6.0.1<=6.0.34 | |
| Otrs Otrs | >=7.0.0<7.0.42 |
Remedy
Update to OTRS 7.0.42
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this OTRS vulnerability?
The vulnerability ID for this OTRS vulnerability is CVE-2023-1248.
What is the severity of CVE-2023-1248 vulnerability?
The severity of CVE-2023-1248 vulnerability is medium.
Which software versions are affected by CVE-2023-1248 vulnerability?
Affected software versions for CVE-2023-1248 vulnerability are OTRS Community Edition 6.0.1 through 6.0.34 and OTRS 7.0.0 through 7.0.42.
What is the CWE number associated with CVE-2023-1248 vulnerability?
The CWE number associated with CVE-2023-1248 vulnerability are CWE-79 and CWE-20.
How can I fix the CVE-2023-1248 vulnerability?
To fix the CVE-2023-1248 vulnerability, it is recommended to upgrade OTRS Community Edition to version 6.0.35 or higher and OTRS to version 7.0.43 or higher.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/title
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/otrs
- canonical/otrs otrs
- version/otrs otrs/6.0.1
- version/otrs otrs/6.0.34
- version/otrs otrs/7.0.0