CVE-2024-43442
CVSS V2 None
CVSS V3 None
Description
Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in OTRS (System Configuration modules) and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the System Configuration targeting other admins.
This issue affects:
* OTRS from 7.0.X through 7.0.50
* OTRS 8.0.X
* OTRS 2023.X
* OTRS from 2024.X through 2024.5.X
* ((OTRS)) Community Edition: 6.0.x
Products based on the ((OTRS)) Community Edition also very likely to be affected
Overview
- CVE ID
- CVE-2024-43442
- Assigner
- OTRS
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-08-26T08:42:39.842Z
- Last Modified Date
- 2024-08-26T15:27:15.700Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://otrs.com/release-notes/otrs-security-advisory-2024-10/ |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-43442 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43442 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-08-27 13:13:52 | Added to TrackCVE |