CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
82.8%
The OTRS Project reports:
This advisory covers vulnerabilities discovered in the OTRS core
system. Due to the XSS vulnerability in Internet Explorer an attacker
could send a specially prepared HTML email to OTRS which would cause
JavaScript code to be executed in your Internet Explorer while
displaying the email.
Affected by this vulnerability are all releases of OTRS 2.4.x up to
and including 2.4.12, 3.0.x up to and including 3.0.14 and 3.1.x up to
and including 3.1.8 in combination with Internet Explorer.