An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent.
This issue affects OTRS Survey module from 7.0.X before 7.0.32, from 8.0.X before 8.0.13 and ((OTRS)) Community Edition Survey module from 6.0.X through 6.0.22.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: OTRS
Published: 2023-07-24T08:27:55.315Z
Updated: 2024-08-02T17:30:12.921Z
Reserved: 2023-07-12T08:05:38.780Z
Link: CVE-2023-38057
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-07-24T09:15:09.927
Modified: 2023-08-04T18:48:27.357
Link: CVE-2023-38057
Redhat
No data.