CVE-2016-9139
MEDIUM6.1EPSS 0.23%otrs2 - security update
發布日:2017/2/17修改日:2026/4/28
描述
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment.
受影響套件(2)
- Debian/otrs2from 0, < 5.0.14-1
- Debian/otrs2from 0, < 3.1.7+dfsg1-8+deb7u6
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |