CVE-2021-21441 — Cross-site Scripting in AG Community Edition

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 47.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Otrs AG Community Edition Otrs AG Otrs Otrs

Timeline

PublishedJun 16

Latest updateMay 24

Description

There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5otrs_ag/community_edition6.0.1 — 6.0.x*

▶NVDotrs/otrs7.0.0 — 7.0.26+1

▶CVEListV5otrs_ag/otrs7.0.x — 7.0.26

🔴Vulnerability Details

GHSA

GHSA-jpp9-9j52-jc5j: There is a XSS vulnerability in the ticket overview screens↗2022-05-24

▶

OSV

CVE-2021-21441: There is a XSS vulnerability in the ticket overview screens↗2021-06-16

▶

CVEList

XSS in the ticket overview screens↗2021-06-16

▶

📋Vendor Advisories

Debian

CVE-2021-21441: otrs2 - There is a XSS vulnerability in the ticket overview screens. It's possible to co...↗2021

▶