CVE-2022-39049 — Cross-site Scripting in AG Community Edition

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.8MEDIUMNVD

CNA3.5

EPSS

1.1%

top 22.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Otrs AG Community Edition Otrs Otrs AG Otrs

Timeline

PublishedSep 5

Latest updateSep 6

Description

An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages3 packages

▶NVDotrs/otrs7.0.0 — 7.0.37+2

▶CVEListV5otrs_ag/community_edition6.0.1 — 6.0.x*

▶CVEListV5otrs_ag/otrs7.0.x — 7.0.36+1

🔴Vulnerability Details

GHSA

GHSA-vcr2-2xwg-6gr9: An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS↗2022-09-06

▶

OSV

CVE-2022-39049: An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS↗2022-09-05

▶

CVEList

Possible XSS in Admin Interface↗2022-09-05

▶