QwikSec

Security Database

CVE

CWE

Training

CVE-2020-1771

Published: Mar 27, 2020

Modified: Sep 17, 2024

PUBLISHED

CVSS v3.1

4.6

MEDIUM

Description

Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link, JavaScript code is executed due to the missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.

Vendor	Product	Versions
OTRS AG	((OTRS)) Community Edition	affected `6.0.x - <= 6.0.26`
OTRS AG	OTRS	affected `7.0.x - <= 7.0.15`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

References

https://otrs.com/release-notes/otrs-security-advisory-2020-08/

openSUSE-SU-2020:0551

vendor-advisory

openSUSE-SU-2020:1475

vendor-advisory

openSUSE-SU-2020:1509

vendor-advisory

[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.