CVE-2021-21442
4.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Summary
In the project create screen it's possible to inject malicious JS code to the certain fields. The code might be executed in the Reporting screen. This issue affects: OTRS AG Time Accounting: 7.0.x versions prior to 7.0.19.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| OTRS AG | Time Accounting | 7.0.x < 7.0.19 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.