An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject JavaScript code in free text answers. This allows a cross-site scripting attack when the replies are read by an authenticated agent.
This issue affects OTRS Survey module from 7.0.X before 7.0.32, from 8.0.X before 8.0.13 and ((OTRS)) Community Edition Survey module from 6.0.X through 6.0.22.
References
Link | Resource |
---|---|
https://otrs.com/release-notes/otrs-security-advisory-2023-06/ | Vendor Advisory |
History
21 Nov 2024, 08:12
Type | Values Removed | Values Added |
---|---|---|
References | () https://otrs.com/release-notes/otrs-security-advisory-2023-06/ - Vendor Advisory | |
CVSS | v2 : v3 : | v2 : unknown v3 : 4.1 |
04 Aug 2023, 18:48
Type | Values Removed | Values Added |
---|---|---|
First Time | Otrs survey | |
CPE | cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:* | cpe:2.3:a:otrs:survey:*:*:*:*:community:*:*:* cpe:2.3:a:otrs:survey:*:*:*:*:-:*:*:* |
01 Aug 2023, 17:34
Type | Values Removed | Values Added |
---|---|---|
First Time | Otrs, Otrs otrs | |
References | (MISC) https://otrs.com/release-notes/otrs-security-advisory-2023-06/ - Vendor Advisory | |
CVSS | v2 : v3 : | v2 : unknown v3 : 5.4 |
CPE | cpe:2.3:a:otrs:otrs:*:*:*:*:-:*:*:* cpe:2.3:a:otrs:otrs:*:*:*:*:community:*:*:* | |
CWE | CWE-79 |
24 Jul 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-24 09:15
Updated : 2024-11-21 08:12
NVD link : CVE-2023-38057
Mitre link : CVE-2023-38057
CVE.ORG link : CVE-2023-38057
Products Affected
otrs
- survey