OTRS Survey vulnerabilities
2 known vulnerabilities affecting otrs/survey.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 2
Vulnerabilities
CVE-2023-38057 | MEDIUM | CVSS 5.4 | CWE-20 | Affected: ≥ 6.0.0, ≤ 6.0.22; ≥ 7.0.0, < 7.0.32; +1 more | 2023-07-24
An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject JavaScript code in free text answers. This allows a cross-site scripting attack while reading the replies as an authenticated agent.
This issue affects OTRS Survey module from 7.0.X before 7.0.32, from 8.0.
Source: NVD
CVE-2021-21434 | MEDIUM | CVSS 4.8 | CWE-79 | Affected: ≥ 6.0.0, ≤ 6.0.20; ≥ 7.0.0, ≤ 7.0.19 | 2021-02-08
A survey administrator can craft a survey in such a way that malicious code can be executed in the agent interface (i.e. another agent who wants to make changes in the survey). This issue affects: OTRS AG Survey 6.0.x version 6.0.20 and prior versions; 7.0.x version 7.0.19 and prior versions.
Source: NVD