CVE-2020-1766 LOW

CVE-2020-1766: Improper handling of uploaded inline images

Vendor OTRS AG
Product ((OTRS)) Community Edition
Weakness CWE-79 · XSS
Published January 10, 2020
Last update September 17, 2024

CVSS base score

2.0/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

Due to improper handling of uploaded images, it is possible, in very unlikely and rare conditions, to force the agent's browser to execute malicious JavaScript from a specially crafted SVG file rendered as an inline jpg file. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.

Key dates

02 Disclosure timeline

January 10, 2020 CVE published
September 17, 2024 Record updated