cbcvebase.
CVE-2023-38057
published 2023-07-24

Priority: P426 (medium), CVSS 3.1 base score 5.4
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.33% (24.8th percentile)
An improper input validation vulnerability in the OTRS Survey module allows any attacker holding a link to a valid, unanswered survey request to inject JavaScript code into free-text answers. The injected code executes as a cross-site scripting attack when an authenticated agent reads the replies. This issue affects the OTRS Survey module from 7.0.X before 7.0.32, from 8.0.X before 8.0.13, and the ((OTRS)) Community Edition Survey module from 6.0.X through 6.0.22.

Affected

6 ranges
Vendor   | Product           | Version range       | Fixed in
---------|-------------------|---------------------|---------
otrs     | survey            | 6.0.0 – 6.0.22      | (no fix)
otrs     | survey            | >= 7.0.0 < 7.0.32   | 7.0.32
otrs     | survey            | >= 8.0.0 < 8.0.13   | 8.0.13
otrs_ag  | community_edition | 6.0.x – 6.0.22      | (no fix)
otrs_ag  | otrs              | >= 7.0.x < 7.0.32   | 7.0.32
otrs_ag  | otrs              | >= 8.0.x < 8.0.13   | 8.0.13

CVSS provenance

Source | Version | Score | Severity | Vector
-------|---------|-------|----------|-------
nvd    | v3.1    | 5.4   | MEDIUM   | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
osv    |         | 5.4   | MEDIUM   |