CVE-2018-11563

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-11563
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-11563.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-11563
Published
2019-07-08T13:15:10Z
Modified
2024-10-12T03:07:55.706044Z
Severity
  • 4.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Summary
[none]
Details

An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged-in customer's browser in the context of the OTRS customer panel application.

Affected packages

Debian:11 / otrs2

Package

Name
otrs2
Purl
pkg:deb/debian/otrs2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
6.0.8-1

Affected versions

2.*

2.0.4p01-6
2.0.4p01-7
2.0.4p01-8
2.0.4p01-9
2.0.4p01-10
2.0.4p01-11
2.0.4p01-12
2.0.4p01-13
2.0.4p01-14
2.0.4p01-14.1
2.0.4p01-15
2.0.4p01-16
2.0.4p01-17
2.0.4p01-18
2.0.99beta1-1
2.0.99beta1-2
2.1.1-1
2.1.3-1
2.1.4-1
2.1.4-2
2.1.5-1
2.1.5-2
2.1.5-3
2.1.6-1
2.1.7-1
2.1.7-2
2.2.0~beta2-1
2.2.0~beta3-1
2.2.1-1
2.2.2-1
2.2.3-1
2.2.4-1
2.2.5-1
2.2.5-2
2.2.6-1
2.2.7-1
2.2.7-2
2.2.7-2lenny1
2.2.7-2lenny2
2.2.7-2lenny3
2.2.7-3
2.3.2-1
2.3.2-2
2.3.3-1
2.3.4-1
2.3.4-2
2.3.4-3
2.3.4-4
2.3.4-5
2.3.4-6
2.3.4-7
2.4.5-1
2.4.5-2
2.4.5-3
2.4.5-4
2.4.5-5
2.4.6-1
2.4.6-2
2.4.7-1
2.4.7-2
2.4.7-3
2.4.7-4
2.4.7-5
2.4.7-6
2.4.7+dfsg1-1
2.4.8+dfsg1-1
2.4.9+dfsg1-1
2.4.9+dfsg1-2
2.4.9+dfsg1-3
2.4.9+dfsg1-3+squeeze1
2.4.9+dfsg1-3+squeeze3
2.4.9+dfsg1-3+squeeze4
2.4.9+dfsg1-3+squeeze5
2.4.9+dfsg1-4
2.4.9+dfsg1-5
2.4.10+dfsg1-1
2.4.10+dfsg1-2
2.4.10+dfsg1-3

3.*

3.0.8+dfsg1-1
3.0.9+dfsg1-1
3.0.10+dfsg1-1
3.0.10+dfsg1-2
3.0.11+dfsg1-1
3.1.0~beta4+dfsg1-1
3.1.0~beta5+dfsg1-1
3.1.0~rc1+dfsg1-1
3.1.1+dfsg1-1
3.1.1+dfsg1-2
3.1.2+dfsg1-1
3.1.2+dfsg1-2
3.1.2+dfsg1-3
3.1.3+dfsg1-1
3.1.3+dfsg1-2
3.1.4+dfsg1-1
3.1.5+dfsg1-1
3.1.5+dfsg1-2
3.1.5+dfsg1-3
3.1.6+dfsg1-1
3.1.7+dfsg1-1
3.1.7+dfsg1-2
3.1.7+dfsg1-3
3.1.7+dfsg1-4
3.1.7+dfsg1-5
3.1.7+dfsg1-6
3.1.7+dfsg1-7
3.1.7+dfsg1-8
3.1.8+dfsg1-1
3.1.9+dfsg1-1
3.1.10+dfsg1-1
3.1.11+dfsg1-1
3.1.12+dfsg1-1
3.1.12+dfsg1-2
3.1.12+dfsg1-3
3.2.1+dfsg1-1
3.2.2+dfsg1-1
3.2.3+dfsg1-1
3.2.4-1
3.2.5-1
3.2.6-1
3.2.6-2
3.2.7-1
3.2.7-2
3.2.8-1
3.2.9-1
3.2.9-2
3.2.10-1
3.2.10-2
3.2.11-1~bpo70+1
3.2.11-1
3.2.12-1
3.3.1-1
3.3.2-1
3.3.3-1
3.3.3-2
3.3.3-3
3.3.4-1
3.3.5-1
3.3.6-1
3.3.7-1
3.3.7-2
3.3.8-1
3.3.9-1
3.3.9-2
3.3.9-3~bpo70+1
3.3.9-3
3.3.10-1
3.3.11-1
3.3.18-1~deb7u1
3.3.18-1~deb7u2
3.3.18-1~deb7u3

4.*

4.0.5-1
4.0.5-2
4.0.6-1
4.0.7-1
4.0.7-2
4.0.8-1
4.0.9-1
4.0.10-1
4.0.11-1
4.0.12-1
4.0.13-1~bpo8+1
4.0.13-1

5.*

5.0.1-1
5.0.1-2
5.0.2-1
5.0.3-1
5.0.5-1
5.0.6-1~bpo8+1
5.0.6-1
5.0.7-1
5.0.8-1~bpo8+1
5.0.8-1
5.0.8+dfsg1-1
5.0.9+dfsg1-1
5.0.9+repack1-1
5.0.10-1~bpo8+1
5.0.10-1
5.0.11-1
5.0.12-1
5.0.13-1~bpo8+1
5.0.13-1
5.0.13-2
5.0.14-1~bpo8+1
5.0.14-1
5.0.15-1
5.0.16-1~bpo8+1
5.0.16-1
5.0.17-1
5.0.18-1
5.0.19-1
5.0.20-1
5.0.21-1~bpo9+1
5.0.21-1
5.0.22-1
5.0.23-1~bpo9+1
5.0.23-1
5.0.24-1~bpo9+1
5.0.24-1

6.*

6.0.1-1
6.0.2-1
6.0.3-1
6.0.4-1
6.0.5-1
6.0.6-1
6.0.7-1
6.0.8-1~bpo9+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/otrs/otrs

Affected ranges

Type
GIT
Repo
https://github.com/otrs/otrs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

Other

rel-1_0_0-RC1
rel-1_0_0-RC2
rel-1_0_0-RC3
rel-1_0_0_rc1
rel-1_0_0_rc2
rel-1_0_0_rc3
rel-1_1_0-RC1
rel-1_1_0-RC2
rel-1_1_0_rc1
rel-1_1_0_rc2
rel-1_2_0-b1
rel-1_2_0-b2
rel-1_2_0-b3
rel-1_2_0_beta1
rel-1_2_0_beta2
rel-1_2_0_beta3
rel-1_2_1
rel-2_0_0-b1
rel-2_0_0_beta1
rel-2_0_1
rel-2_0_2
rel-2_0_3
rel-2_1_0-b1
rel-2_1_0-b2
rel-2_1_0_beta1
rel-2_1_0_beta2
rel-2_1_1
rel-2_1_2
rel-2_1_3
rel-2_2_0-b1
rel-2_2_0-b2
rel-2_2_0-b3
rel-2_2_0-b4
rel-2_2_0_beta1
rel-2_2_0_beta2
rel-2_2_0_beta3
rel-2_2_0_beta4
rel-2_2_1
rel-2_2_2
rel-2_3_1
rel-2_3_2
rel-2_4_0-b2
rel-2_4_0-b3
rel-2_4_0-b4
rel-2_4_0-b6
rel-2_4_0_beta2
rel-2_4_0_beta3
rel-2_4_0_beta4
rel-2_4_0_beta6
rel-2_4_1
rel-2_4_2
rel-2_4_3
rel-2_4_4
rel-3_0_0-b2
rel-3_0_0-b3
rel-3_0_0-b4
rel-3_0_0-b5
rel-3_0_0-b7
rel-3_0_0_beta2
rel-3_0_0_beta3
rel-3_0_0_beta4
rel-3_0_0_beta5
rel-3_0_0_beta7
rel-3_0_1
rel-3_0_2
rel-3_0_3
rel-3_0_4
rel-3_1_0-b1
rel-3_1_0-b3
rel-3_1_0-b4
rel-3_1_0-b5
rel-3_1_0-rc1
rel-3_1_0_beta1
rel-3_1_0_beta3
rel-3_1_0_beta4
rel-3_1_0_beta5
rel-3_1_0_rc1
rel-3_1_2
rel-3_1_4
rel-3_2_0_beta1
rel-3_2_0_beta2
rel-3_2_0_beta3
rel-3_2_0_beta4
rel-3_2_0_beta5
rel-3_2_0_rc1
rel-3_2_1
rel-3_2_2
rel-3_2_3
rel-3_2_4
rel-3_3_0_beta1
rel-3_3_0_beta2
rel-3_3_0_beta3
rel-3_3_0_beta4
rel-3_3_0_beta5
rel-3_3_0_rc1
rel-3_3_1
rel-4_0_0_beta1
rel-4_0_0_beta2
rel-4_0_0_beta3
rel-4_0_0_beta4
rel-4_0_0_beta5
rel-4_0_0_rc1
rel-5_0_0_alpha1
rel-5_0_0_beta1
rel-5_0_0_beta2
rel-5_0_0_beta3
rel-6_0_0_alpha1
rel-6_0_0_beta1
rel-6_0_0_beta2
rel-6_0_0_beta3
rel-6_0_0_beta4
rel-6_0_0_beta5
rel-6_0_0_rc1
rel-6_0_5
rel-6_0_6
rel-6_0_7