3 results (0.006 seconds)

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects OTRS Survey module from 7.0.X before 7.0.32, from 8.0.X before 8.0.13 and ((OTRS)) Community Edition Survey module from 6.0.X through 6.0.22. • https://otrs.com/release-notes/otrs-security-advisory-2023-06 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. This issue affects: Checkbox Survey versions prior to 7. Una vulnerabilidad de Deserialización de Datos No Confiables en la biblioteca CheckboxWeb.dll de Checkbox Survey, permite a un atacante remoto no autenticado ejecutar código arbitrario. Este problema afecta: Checkbox Survey versiones anteriores a 7 Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. • https://www.kb.cert.org/vuls/id/706695 • CWE-502: Deserialization of Untrusted Data •

CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0

Survey administrator can craft a survey in such way that malicious code can be executed in the agent interface (i.e. another agent who wants to make changes in the survey). This issue affects: OTRS AG Survey 6.0.x version 6.0.20 and prior versions; 7.0.x version 7.0.19 and prior versions. El administrador de la encuesta puede diseñar una encuesta tal que pueda ser ejecutado un código malicioso en la interfaz del agente (es decir, otro agente que quiera hacer cambios en la encuesta). Este problema afecta: OTRS AG Survey versiones 6.0.x versión 6.0.20 y versiones anteriores; versiones 7.0.x versión 7.0.19 y versiones anteriores • https://otrs.com/release-notes/otrs-security-advisory-2021-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •