CVE-2018-11563 — Otrs vulnerability

4 documents4 sources

Severity

4.6MEDIUMNVD

EPSS

0.3%

top 46.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Otrs2 Otrs Debian Linux

Timeline

PublishedJul 8

Latest updateMay 24

Description

An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer's browser in the context of the OTRS customer panel application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:NExploitability: 2.1 | Impact: 2.5

Affected Packages2 packages

▶debiandebian/otrs2< otrs2 6.0.8-1 (bullseye)

▶NVDotrs/otrs6.0.0 — 6.0.7

Also affects: Debian Linux 8.0

Patches

Patch: community.otrs.com ↗Patch: community.otrs.com ↗

🔴Vulnerability Details

GHSA

GHSA-qxm4-v4cw-7cm7: An issue was discovered in Open Ticket Request System (OTRS) 6↗2022-05-24

▶

OSV

CVE-2018-11563: An issue was discovered in Open Ticket Request System (OTRS) 6↗2019-07-08

▶

📋Vendor Advisories

Debian

CVE-2018-11563: otrs2 - An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7...↗2018

▶