CVE-2021-36094
Published 2021-09-06
CVE-2021-36094: It's possible to craft a request for appointment edit screen, which could lead to the XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x…
Priority P4 · 26 · medium · 5.4 · CVSS 3.1
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.59% (43.8th percentile)
It's possible to craft a request for the appointment edit screen, which could lead to an XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions; OTRS AG OTRS 7.0.x version 7.0.28 and prior versions.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| otrs | otrs | >= 6.0.1 | — |
| otrs | otrs | >= 7.0.0 < 7.0.29 | 7.0.29 |
| otrs_ag | community_edition | >= 6.0.1 < 6.0.x* | 6.0.x* |
| otrs_ag | otrs | 7.0.x – 7.0.28 | — |
CVSS provenance
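| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| osv | — | 5.4 | MEDIUM | — |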
GHSA
GHSA-p79w-9c5j-r2gw: It's possible to craft a request for appointment edit screen, which could lead to the XSS attack
ghsa_unreviewed·2022-05-24
CVE-2021-36094 [MEDIUM] CWE-79 GHSA-p79w-9c5j-r2gw: It's possible to craft a request for appointment edit screen, which could lead to the XSS attack
OSV
CVE-2021-36094: It's possible to craft a request for appointment edit screen, which could lead to the XSS attack
osv·2021-09-06·CVSS 5.4
CVE-2021-36094 [MEDIUM] CVE-2021-36094: It's possible to craft a request for appointment edit screen, which could lead to the XSS attack
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.