CVE-2023-1248 — Cross-site Scripting in AG Otrs

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.7%

top 28.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Otrs AG Otrs Otrs Otrs AG Community Edition

Timeline

PublishedMar 20

Description

Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS).This issue affects OTRS: from 7.0.X before 7.0.42; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶CVEListV5otrs_ag/community_edition6.0.1 — 6.0.34

▶NVDotrs/otrs7.0.0 — 7.0.42+1

▶CVEListV5otrs_ag/otrs7.0.x — 7.0.42

🔴Vulnerability Details

CVEList

Possible XSS in Ticket Actions↗2023-03-20

▶

GHSA

GHSA-9v6f-g8pq-wjvp: Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows C↗2023-03-20

▶

OSV

CVE-2023-1248: Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows C↗2023-03-20

▶