CVE-2018-19141 — Cross-site Scripting in Open Ticket Request System

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.8MEDIUMNVD

EPSS

0.3%

top 49.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Otrs Open Ticket Request System Debian Otrs2 Debian Linux

Timeline

PublishedNov 11

Latest updateMay 14

Description

Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶NVDotrs/open_ticket_request_system4.0.0 — 4.0.33+1

▶debiandebian/otrs2< otrs2 6.0.1-1 (bullseye)

Also affects: Debian Linux 8.0

Patches

Patch: community.otrs.com ↗Patch: community.otrs.com ↗

🔴Vulnerability Details

GHSA

GHSA-5j7r-jxpc-qhpw: Open Ticket Request System (OTRS) 4↗2022-05-14

▶

OSV

CVE-2018-19141: Open Ticket Request System (OTRS) 4↗2018-11-11

▶

📋Vendor Advisories

Debian

CVE-2018-19141: otrs2 - Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 al...↗2018

▶