CVE-2020-1766
published 2020-01-10


Priority: P4 28 (medium, 6.1, CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 1.27% (66.2th percentile)

Due to improper handling of uploaded images, it is possible under very unlikely and rare conditions to force the agent's browser to execute malicious JavaScript from a specially crafted SVG file rendered as an inline jpg file. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions; OTRS 7.0.x version 7.0.13 and prior versions.

Affected (8 ranges)

Vendor   | Product           | Version range               | Fixed in
debian   | debian_linux      |                             |
debian   | otrs2             | < otrs2 6.0.25-1 (bullseye) | otrs2 6.0.25-1 (bullseye)
otrs     | otrs              | 5.0.0 – 5.0.39              |
otrs     | otrs              | 6.0.0 – 6.0.24              |
otrs     | otrs              | 7.0.0 – 7.0.13              |
otrs_ag  | community_edition |                             |
otrs_ag  | community_edition |                             |
otrs_ag  | otrs              |                             |

CVSS provenance

Source        | Version | Score | Severity | Vector
nvd           | v3.1    | 6.1   | MEDIUM   | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd           | v2.0    | 4.3   | MEDIUM   | AV:N/AC:M/Au:N/C:N/I:P/A:N
osv           |         | 6.1   | MEDIUM   |
vendor_redhat |         | 3.3   | LOW      |
vendor_debian |         | 2.0   | LOW      |