CVE-2022-39050
CVE-2022-39050 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. An attacker who is logged into OTRS as an admin user may manipulate the customer URL field to store JavaScript code that is run later by any other agent who clicks the customer URL link; the stored JavaScript then executes in the context of OTRS. EPSS estimates a 0.45% chance of exploitation in the next 30 days.
Description
An attacker who is logged into OTRS as an admin user may manipulate the customer URL field to store JavaScript code that is run later by any other agent who clicks the customer URL link; the stored JavaScript then executes in the context of OTRS. The same issue applies when customer data is taken from external data sources, e.g. a database or LDAP.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Otrs | Otrs | >= 6.0.0, <= 6.0.32 |
| Otrs | Otrs | >= 7.0.0, < 7.0.37 |
| Otrs | Otrs | >= 8.0.0, < 8.0.25 |
Source: NVD / NIST
