Main Vulnerability Database SB2021020814

SB2021020814 - Cross-site scripting in OTRS

Published: February 8, 2021 Updated: April 1, 2021

Security Bulletin ID SB2021020814

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Cross-site scripting (CVE-ID: CVE-2021-21434)

The vulnerability allows a remote privileged user to read and manipulate data.

Survey administrator can craft a survey in such way that malicious code can be executed in the agent interface (i.e. another agent who wants to make changes in the survey). This issue affects: OTRS AG Survey 6.0.x version 6.0.20 and prior versions; 7.0.x version 7.0.19 and prior versions.

Remediation

Install update from vendor's website.

References

https://otrs.com/release-notes/otrs-security-advisory-2021-01/