QwikSec

Security Database

CVE

CWE

Training

CVE-2019-9752

Published: Mar 13, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework

x_refsource_MISC

[debian-lts-announce] 20190319 [SECURITY] [DLA 1721-1] otrs2 security update

mailing-list

x_refsource_MLIST

openSUSE-SU-2020:0551

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2020:1475

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2020:1509

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.