CVE-2020-1766

Summary

Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.

Affected Software

VendorProductVersion RangeStatus
OTRS AG((OTRS)) Community Edition5.0.x version 5.0.39 and prior versionsaffected
OTRS AG((OTRS)) Community Edition6.0.x version 6.0.24 and prior versionsaffected
OTRS AGOTRS7.0.x version 7.0.13 and prior versionsaffected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References