CVE Vulnerabilities

CVE-2018-11563

Published: Jul 08, 2019 | Modified: Nov 21, 2024
CVSS 3.x
4.6
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
CVSS 2.x
4.9 MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customers browser in the context of the OTRS customer panel application.

Affected Software

Name Vendor Start Version End Version
Otrs Otrs 6.0.0 (including) 6.0.7 (including)
Otrs2 Ubuntu bionic *
Otrs2 Ubuntu esm-apps/bionic *
Otrs2 Ubuntu esm-apps/xenial *
Otrs2 Ubuntu trusty *
Otrs2 Ubuntu upstream *
Otrs2 Ubuntu xenial *

References