CVE-2024-43443

Summary

Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the Process Management targeting other admins. This issue affects:

  • OTRS from 7.0.X through 7.0.50
  • OTRS 8.0.X
  • OTRS 2023.X
  • OTRS from 2024.X through 2024.5.X
  • ((OTRS)) Community Edition: 6.0.x

Products based on the ((OTRS)) Community Edition also very likely to be affected

Affected Software

VendorProductVersion RangeStatus
OTRS AGOTRS7.0.x <= 7.0.50affected
OTRS AGOTRS8.0.xaffected
OTRS AGOTRS2023.xaffected
OTRS AGOTRS2024.x <= 2024.5.xaffected
OTRS AG((OTRS)) Community Edition6.0.xaffected

Weaknesses

  • CWE-790: CWE-790 Improper Filtering of Special Elements

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References