What the vulnerability does
01Description
An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS.
CVSS base score
3.5/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
Key dates
02Disclosure timeline
September 5, 2022
CVE published
September 16, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-1775 Nextend Social Login and Register <= 3.1.12 - Reflected Self-Based Cross-Site Scripting via error_description
CVE-2023-26146
CVE-2023-30749 WordPress Optima Express + MarketBoost IDX Plugin Plugin <= 7.3.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2025-49960 WordPress LeadBI Plugin for WordPress plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability
CVE-2022-43579 IBM Sterling B2B Integrator Standard Edition cross-site scripting
