There is an XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. The attack can be performed by sending a specially crafted e-mail to the system, and it doesn't require any user interaction. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions.
History
Mon, 16 Sep 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | XSS in the ticket overview screens | XSS in the ticket overview screens |
MITRE
Status: PUBLISHED
Assigner: OTRS
Published: 2021-06-16T09:50:11.263977Z
Updated: 2024-09-16T16:23:02.452Z
Reserved: 2020-12-29T00:00:00
Link: CVE-2021-21441
Vulnrichment
No data.
NVD
Status: Modified
Published: 2021-06-16T10:15:08.837
Modified: 2024-11-21T05:48:22.837
Link: CVE-2021-21441
Redhat
No data.