An issue exists in Open Ticket Request System (OTRS) 5.x prior to 5.0.34, 6.x prior to 6.0.16, and 7.x prior to 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm.
Vulnerable Product |
---|
otrs otrs |
opensuse leap 15.1 |
opensuse backports sle 15.0 |
opensuse leap 15.2 |