An attacker is able to craft an article with a link to the customer address book
with malicious content (JavaScript). When an agent opens the link, the JavaScript
code is executed due to the missing parameter encoding. This issue affects:
((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and
prior versions.
Author | Note |
---|---|
sbeattie | probably does not affect otrs v5 |