XSS Vulnerability in Ticket Overview Screens of OTRS AG ((OTRS)) Community Edition 6.0.x and OTRS 7.0.x

XSS Vulnerability in Ticket Overview Screens of OTRS AG ((OTRS)) Community Edition 6.0.x and OTRS 7.0.x

CVE-2021-21441 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions.

Learn more about our User Device Pen Test.