This issue affects OTRS: from 7.0.X before 7.0.42; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
"}],"value":"Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS).This issue affects OTRS: from 7.0.X before 7.0.42; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.\n\n"}],"impacts":[{"capecId":"CAPEC-63","descriptions":[{"lang":"en","value":"CAPEC-63 Cross-Site Scripting (XSS)"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-79","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8","shortName":"OTRS","dateUpdated":"2023-03-20T08:20:17.212Z"},"references":[{"url":"https://otrs.com/release-notes/otrs-security-advisory-2023-01/"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\nUpdate to OTRS 7.0.42