CVE-2024-43443 — Improper Filtering of Special Elements in AG Otrs

CWE-790 — Improper Filtering of Special Elements4 documents4 sources

Severity

4.9MEDIUMNVD

EPSS

0.1%

top 71.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Otrs AG Otrs Otrs AG Community Edition

Timeline

PublishedAug 26

Description

Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the Process Management targeting other admins. This issue affects: * OTRS from 7.0.X through 7.0.50 * OTRS 8.0.X * OTRS 2023.X * OTRS from 2024.X through 2024.5.X * ((OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5otrs_ag/community_edition6.0.x

▶CVEListV5otrs_ag/otrs7.0.x — 7.0.50+3

🔴Vulnerability Details

CVEList

Stored XSS in process management↗2024-08-26

▶

OSV

CVE-2024-43443: Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS))↗2024-08-26

▶

GHSA

GHSA-79g4-f35r-g3f6: Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS))↗2024-08-26

▶