CVE-2023-38057

Summary

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects OTRS Survey module from 7.0.X before 7.0.32, from 8.0.X before 8.0.13 and ((OTRS)) Community Edition Survey module from 6.0.X through 6.0.22.

Affected Software

VendorProductVersion RangeStatus
OTRS AGOTRS7.0.x < 7.0.32affected
OTRS AGOTRS8.0.x < 8.0.13affected
OTRS AG((OTRS)) Community Edition6.0.x <= 6.0.22affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References