CVE-2021-21441

There is a XSS vulnerability in the ticket overview screens. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions.

Published: Jun 16, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-21441
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
otrs / otrs	6.0.1	6.0.1.x
otrs / otrs	7.0.0	7.0.26.x

https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html
https://otrs.com/release-notes/otrs-security-advisory-2021-11/

Vulnerability Database

289,784

CVE-2021-21441