There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions.
History

Mon, 16 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
Title XSS in the ticket overview screens XSS in the ticket overview screens

cve-icon MITRE

Status: PUBLISHED

Assigner: OTRS

Published: 2021-06-16T09:50:11.263977Z

Updated: 2024-09-16T16:23:02.452Z

Reserved: 2020-12-29T00:00:00

Link: CVE-2021-21441

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-06-16T10:15:08.837

Modified: 2024-11-21T05:48:22.837

Link: CVE-2021-21441

cve-icon Redhat

No data.