An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customers browser in the context of the OTRS customer panel application.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Otrs | Otrs | 6.0.0 (including) | 6.0.7 (including) |
Otrs2 | Ubuntu | bionic | * |
Otrs2 | Ubuntu | esm-apps/bionic | * |
Otrs2 | Ubuntu | esm-apps/xenial | * |
Otrs2 | Ubuntu | trusty | * |
Otrs2 | Ubuntu | upstream | * |
Otrs2 | Ubuntu | xenial | * |