CVE-2018-11563
Summary
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer's browser in the context of the OTRS customer panel application.
- LOW
- NETWORK
- LOW
- UNCHANGED
- REQUIRED
- LOW
- LOW
- NONE
References
Advisory Timeline
- Published