Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled.
CPE | Name | Operator | Version |
---|---|---|---|
otrs | eq | rel-2_0_0-b1 | |
otrs | eq | rel-2_2_1 | |
otrs | eq | rel-2_2_0_beta1 | |
otrs | eq | rel-1_1_0_rc2 | |
otrs | eq | rel-3_0_0-b5 | |
otrs | eq | rel-2_2_0_beta3 | |
otrs | eq | rel-4_0_19 | |
otrs | eq | rel-4_0_22 | |
otrs | eq | rel-4_0_17 | |
otrs | eq | rel-1_2_0_beta1 |