CVE-2019-9752
 
Descriptions
An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-03-13 CVE Reserved
- 2019-03-13 CVE Published
- 2024-08-03 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2019/03/msg00023.html | Mailing List |
URL | Date | SRC |
---|---|---|
https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework | 2022-05-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Otrs | Otrs | >= 5.0.0 < 5.0.34 | - | Affected |
Otrs | Otrs | >= 6.0.0 < 6.0.16 | - | Affected |
Otrs | Otrs | >= 7.0.0 < 7.0.4 | - | Affected |
Opensuse | Backports Sle | 15.0 | sp1 | Affected |
Opensuse | Backports Sle | 15.0 | sp2 | Affected |
Opensuse | Leap | 15.1 | - | Affected |
Opensuse | Leap | 15.2 | - | Affected |