CVE-2019-16375

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacker who is logged in as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious JavaScript code as an article body. This malicious code is executed when an agent composes an answer to the original article.

Configurations

Configuration 1

OR cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*
cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:*
cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:30

| Type | Values Removed | Values Added |
|---|---|---|
| References | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html - Broken Link | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html - Broken Link |
| References | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html - Broken Link | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html - Broken Link |
| References | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html - Broken Link | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html - Broken Link |
| References | https://community.otrs.com/category/security-advisories-en/ - Vendor Advisory | https://community.otrs.com/category/security-advisories-en/ - Vendor Advisory |
| References | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html - | https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html - |
| References | https://otrs.com/release-notes/otrs-security-advisory-2019-13/ - Release Notes, Vendor Advisory | https://otrs.com/release-notes/otrs-security-advisory-2019-13/ - Release Notes, Vendor Advisory |

31 Aug 2023, 03:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html -

Information

Published : 2020-03-19 18:15

Updated : 2024-11-21 04:30


NVD link : CVE-2019-16375

Mitre link : CVE-2019-16375

CVE.ORG link : CVE-2019-16375



Products Affected

otrs

  • otrs

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')