CVE-2021-36092 MEDIUM

CVE-2021-36092: XSS attack using special link in email

Vendor Otrs Ag
Product ((OTRS)) Community Edition
Weakness CWE-79 · XSS
Published July 26, 2021
Last update September 17, 2024
View on NVD All CVEs

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

It's possible to create an email which contains specially crafted link and it can be used to perform XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition:6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.

Key dates

02Disclosure timeline

July 26, 2021 CVE published
September 17, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2014-125088 qt-users-jp silk header.qml cross site scripting CVE-2024-10895 Counter Up – Animated Number Counter & Milestone Showcase <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-46915 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2026-33500 AVideo Vulnerable to Stored XSS via Markdown `javascript:` URI Bypasses ParsedownSafeWithLinks Sanitization CVE-2023-46088 WordPress WP Full Stripe Free Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)