DescriptionOpen Ticket Request System (OTRS) 3.3.9 has XSS in requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is not affected.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)


This report for OTRS is quite vague/unclear and upstream can
not track the issue down to a specific fixed release claims though that
it should not be reproducible with versions later than 3.3.17.

Search for package or bug name: Reporting problems