CVE-2018-11563
Summary
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer's browser in the context of the OTRS customer panel application.
- MEDIUM
- NETWORK
- SINGLE
- PARTIAL
- PARTIAL
- NONE
References
Advisory Timeline
- Published