Skip to main content

CVE-2018-11563

Severity Medium
Score 4.9/10

Summary

An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer's browser in the context of the OTRS customer panel application.

  • MEDIUM
  • NETWORK
  • SINGLE
  • PARTIAL
  • PARTIAL
  • NONE

References

Advisory Timeline

  • Published