Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistOTRSCVELIST:CVE-2022-0473
HistoryFeb 07, 2022 - 12:00 a.m.

CVE-2022-0473 Dynamic field error message is vulnerable to XSS

2022-02-0700:00:00
CWE-79
OTRS
raw.githubusercontent.com
1

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

JSON

OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be exectued in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions.

Related

cnvd 1
ubuntucve 1
prion 1
cve 1
openvas 1
cnvd
cnvd
OTRS Cross-Site Scripting Vulnerability (CNVD-2022-13927)
2022-02-21 00:00:00
ubuntucve
ubuntucve
CVE-2022-0473
2022-02-07 00:00:00
prion
prion
Code injection
2022-02-07 11:15:00
cve
cve
CVE-2022-0473
2022-02-07 11:15:00
openvas
openvas
OTRS XSS Vulnerability (OSA-2022-01)
2022-10-19 00:00:00

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

JSON
Related for CVELIST:CVE-2022-0473
cnvd1ubuntucve1prion1cve1openvas1