CVE-2019-10067
MEDIUM5.4EPSS 0.38%Published: 5/22/2019Modified: 4/28/2026
Also known as:DEBIAN-CVE-2019-10067
Description
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS.
Affected packages (1)
- Debian/otrs2from 0, < 6.0.18-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |