CVE-2021-36092
Published 2021-07-26
Priority P4 · 27 · medium · 6.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.72% (49.1th percentile)
It's possible to create an email which contains a specially crafted link that can be used to perform an XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| otrs | otrs | 6.0.0 – 6.0.32 | — |
| otrs | otrs | >= 7.0.0 < 7.0.28 | 7.0.28 |
| otrs | otrs | >= 8.0.0 < 8.0.15 | 8.0.15 |
| otrs_ag | community_edition | >= 6.0.1 < 6.0.x* | 6.0.x* |
| otrs_ag | otrs | 7.0.x – 7.0.27 | — |
| otrs_ag | otrs | 8.0.x – 8.0.14 | — |
CVSS provenance
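| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 6.1 | MEDIUM | — |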
GHSA
GHSA-r4rg-fqhp-766m: It's possible to create an email which contains a specially crafted link that can be used to perform an XSS attack
ghsa_unreviewed · 2022-05-24
CVE-2021-36092 [MEDIUM] CWE-79 GHSA-r4rg-fqhp-766m: It's possible to create an email which contains a specially crafted link that can be used to perform an XSS attack
OSV
CVE-2021-36092: It's possible to create an email which contains a specially crafted link that can be used to perform an XSS attack
osv · 2021-07-26 · CVSS 6.1
CVE-2021-36092 [MEDIUM] CVE-2021-36092: It's possible to create an email which contains a specially crafted link that can be used to perform an XSS attack
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-07-26