|Description||An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. An attacker could send a malicious email to an OTRS system. If a logged-in agent user quotes it, the email could cause the browser to load external image resources.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)|
Vulnerable and fixed packages
The table below lists information on source packages.
The information below is based on the following data on fixed versions.
[stretch] - otrs2 <ignored> (Non-free not supported)
OTRS 6: https://github.com/OTRS/otrs/commit/4e06ef439c33e7d90af16451719415c780e0c29c
OTRS 6: https://github.com/OTRS/otrs/commit/0713999042e3ce7fa60067d3cd165206899224bf
OTRS 5: https://github.com/OTRS/otrs/commit/edbc7371a52fc5d0032e934d2456b5f39da317f1
OTRS 5: https://github.com/OTRS/otrs/commit/2d85ce89515db8e94b36ea8ba97f21e27aa66efd