CVE-2018-17883

2023-04-1600:15:07

Google

osv.dev

otrs vulnerability

javascript execution

email security.

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

35.5%

JSON

An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS.

CPENameOperatorVersion
otrseqrel-3_0_0_beta7
otrseqrel-3_0_0_beta5
otrseqrel-3_1_0-b1
otrseqrel-3_1_0-b4
otrseqrel-6_0_6
otrseqrel-1_0_0_rc2
otrseqrel-1_2_0-b2
otrseqrel-3_0_0_beta4
otrseqrel-2_0_0-b1
otrseqrel-4_0_0_beta3

Name	Operator	Version
otrs	eq	rel-3_0_0_beta7
otrs	eq	rel-3_0_0_beta5
otrs	eq	rel-3_1_0-b1
otrs	eq	rel-3_1_0-b4
otrs	eq	rel-6_0_6
otrs	eq	rel-1_0_0_rc2
otrs	eq	rel-1_2_0-b2
otrs	eq	rel-3_0_0_beta4
otrs	eq	rel-2_0_0-b1
otrs	eq	rel-4_0_0_beta3