Products
OTRS
- 7.0.X - 7.0.50
- 8.0.X
- 2023.X
- 2024.X - 2024.5.X
OTRS Community Edition
- 6.0.x
Source
security@otrs.com
CVE-2024-43443 details
Last Modified : Aug. 26, 2024, 12:47 p.m.
Description
Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the Process Management targeting other admins.

This issue affects:
- OTRS from 7.0.X through 7.0.50
- OTRS 8.0.X
- OTRS 2023.X
- OTRS from 2024.X through 2024.5.X
- ((OTRS)) Community Edition: 6.0.x

Products based on the ((OTRS)) Community Edition are also very likely to be affected.
CVSS Score
4.9
Weakness
Weakness | Name | Description |
---|---|---|
CWE-790 | Improper Filtering of Special Elements | The product receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component. |
CVSS Data
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | HIGH |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | NONE |
Base Score | 4.9 |
Exploitability Score | 1.2 |
Impact Score | 3.6 |
Base Severity | MEDIUM |
Vector String : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
References
URL | Source |
---|---|
https://otrs.com/release-notes/otrs-security-advisory-2024-11/ | security@otrs.com |