cbcvebase.
CVE-2024-43443
published 2024-08-26

CVE-2024-43443: Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS))…

PriorityP423medium4.9CVSS 3.1
AVNACLPRHUINSUCNIHAN
EPSS
0.36%
27.7th percentile
Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the Process Management targeting other admins.
This issue affects:

* OTRS from 7.0.X through 7.0.50
* OTRS 8.0.X
* OTRS 2023.X
* OTRS from 2024.X through 2024.5.X
* ((OTRS)) Community Edition: 6.0.x

Products based on the ((OTRS)) Community Edition also very likely to be affected

Affected

5 ranges
VendorProductVersion rangeFixed in
otrs_agcommunity_edition
otrs_agotrs
otrs_agotrs
otrs_agotrs2024.x – 2024.5.x
otrs_agotrs7.0.x – 7.0.50

CVSS provenance

nvdv3.14.9MEDIUMCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
osv4.9MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.