CVE-2024-43442 — Improper Filtering of Special Elements in AG Otrs

CWE-790 — Improper Filtering of Special Elements CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.9MEDIUMNVD

EPSS

0.1%

top 77.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Otrs AG Otrs Otrs AG Community Edition

Timeline

PublishedAug 26

Description

Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in OTRS (System Configuration modules) and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the System Configuration targeting other admins. This issue affects: * OTRS from 7.0.X through 7.0.50 * OTRS 8.0.X * OTRS 2023.X * OTRS from 2024.X through 2024.5.X * ((OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5otrs_ag/community_edition6.0.x

▶CVEListV5otrs_ag/otrs7.0.x — 7.0.50+3

🔴Vulnerability Details

OSV

CVE-2024-43442: Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in OTRS (System Configuration modules) and ((OTRS)↗2024-08-26

▶

CVEList

Stored XSS in System Configuration↗2024-08-26

▶

GHSA

GHSA-g24f-94pq-jr67: Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in OTRS (System Configuration modules) and ((OTRS)↗2024-08-26

▶