CVE-2022-0473 LOW

CVE-2022-0473: Dynamic field error message is vulnerable to XSS

Vendor Otrs Ag

Product OTRS

Weakness CWE-79 · XSS

Published February 7, 2022

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

3.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be exectued in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions.

Key dates

02Disclosure timeline

February 7, 2022 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0473 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-22344 WordPress Media Category Library plugin <= 2.7 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-61797 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2024-0720 FactoMineR FactoInvestigate HTML Report Generator cross site scripting CVE-2025-23563 WordPress Explore pages plugin <= 1.01 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-49283 WordPress CURCY plugin <= 2.2.3 - Reflected Cross Site Scripting (XSS) vulnerability