CVE-2019-12248

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. An attacker could send a malicious email to an OTRS system. If a logged-in agent user quotes it, the email could cause the browser to load external image resources.

Published: Jun 17, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-12248
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
otrs / otrs	5.0.0	5.0.36.x
otrs / otrs	6.0.0	6.0.19.x
otrs / otrs	7.0.0	7.0.7.x
debian / debian_linux	8.0	8.0.x

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html
https://lists.debian.org/debian-lts-announce/2019/06/msg00004.html
https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
https://www.otrs.com/category/release-and-security-notes-en/

Vulnerability Database

289,697

CVE-2019-12248