Lucene search
GoogleOSV:CVE-2019-9752HistoryMar 13, 2019 - 10:29 p.m.
CVE-2019-9752
2019-03-1322:29:00
Google
osv.dev
6
An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm.
References
lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html
community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework
lists.debian.org/debian-lts-announce/2019/03/msg00023.html
Related
osv
osv
otrs2 - security update
2019-03-19 00:00:00
prion
prion
Design/Logic Flaw
2019-03-13 22:29:00
nessus
nessus
Debian DLA-1721-1 : otrs2 security update
2019-03-20 00:00:00
openSUSE Security Update : otrs (openSUSE-2020-551)
2020-04-28 00:00:00
openSUSE Security Update : otrs (openSUSE-2020-1475)
2020-09-23 00:00:00
cvelist
cvelist
CVE-2019-9752
2019-03-13 22:00:00
debian
debian
[SECURITY] [DLA 1721-1] otrs2 security update
2019-03-19 07:48:45
openvas
openvas
Debian: Security Advisory (DLA-1721-1)
2019-03-18 00:00:00
OTRS 7.0.x <= 7.0.3, 6.0.x <= 6.0.15 and 5.0.x <= 5.0.33 RCE Vulnerability
2019-03-18 00:00:00
openSUSE: Security Advisory for Recommended (openSUSE-SU-2020:1475-1)
2020-09-21 00:00:00
debiancve
debiancve
CVE-2019-9752
2019-03-13 22:29:00
ubuntucve
ubuntucve
CVE-2019-9752
2019-03-13 00:00:00
nvd
nvd
CVE-2019-9752
2019-03-13 22:29:00
cve
cve
CVE-2019-9752
2019-03-13 22:29:00
suse
suse
Recommended update for otrs (moderate)
2020-09-20 00:00:00
Recommended update for otrs (moderate)
2020-09-23 00:00:00
Recommended update for otrs (moderate)
2020-04-25 00:00:00