CVE-2023-38057 - Vulnerability Details - OpenCVE

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent.
This issue affects OTRS Survey module from 7.0.X before 7.0.32, from 8.0.X before 8.0.13 and ((OTRS)) Community Edition Survey module from 6.0.X through 6.0.22.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00284.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Otrs	Survey

Configuration 1 [-]

OR	cpe:2.3:a:otrs:survey:::::community:::*
	cpe:2.3:a:otrs:survey:::::-:::*
	cpe:2.3:a:otrs:survey:::::-:::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-41883	An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects OTRS Survey module from 7.0.X before 7.0.32, from 8.0.X before 8.0.13 and ((OTRS)) Community Edition Survey module from 6.0.X through 6.0.22.

Fixes

Solution

Update Survey package to version 8.0.13 or 7.0.32

Workaround

No workaround given by the vendor.

References

Link	Providers
https://otrs.com/release-notes/otrs-security-advisory-2023-06/

History

Thu, 17 Oct 2024 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: OTRS

Published: 2023-07-24T08:27:55.315Z

Updated: 2024-10-17T13:02:55.563Z

Reserved: 2023-07-12T08:05:38.780Z

Link: CVE-2023-38057

Vulnrichment

Updated: 2024-08-02T17:30:12.921Z

NVD

Status : Modified

Published: 2023-07-24T09:15:09.927

Modified: 2024-11-21T08:12:45.987

Link: CVE-2023-38057

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-38057", "assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8", "state": "PUBLISHED", "assignerShortName": "OTRS", "dateReserved": "2023-07-12T08:05:38.780Z", "datePublished": "2023-07-24T08:27:55.315Z", "dateUpdated": "2024-10-17T13:02:55.563Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "packageName": "Survey", "product": "OTRS", "vendor": "OTRS AG", "versions": [{"lessThan": "7.0.32", "status": "affected", "version": "7.0.x", "versionType": "Patch"}, {"lessThan": "8.0.13", "status": "affected", "version": "8.0.x", "versionType": "Patch"}]}, {"defaultStatus": "affected", "packageName": "Survey", "product": "((OTRS)) Community Edition", "vendor": "OTRS AG", "versions": [{"lessThanOrEqual": "6.0.22", "status": "affected", "version": "6.0.x", "versionType": "All"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Free text answers have to be used<br>"}], "value": "Free text answers have to be used\n"}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Special thanks to Daniel Mizael, Raphael Fiorin and Marcelo Makotofrom for reporting these vulnerability."}], "datePublic": "2023-07-24T07:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent.<br><p>This issue affects OTRS Survey module from 7.0.X before 7.0.32, from 8.0.X before 8.0.13 and ((OTRS)) Community Edition Survey module from 6.0.X through 6.0.22.</p>"}], "value": "An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent.\nThis issue affects OTRS Survey module from 7.0.X before 7.0.32, from 8.0.X before 8.0.13 and ((OTRS)) Community Edition Survey module from 6.0.X through 6.0.22.\n\n"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8", "shortName": "OTRS", "dateUpdated": "2023-07-24T08:27:55.315Z"}, "references": [{"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-06/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\nUpdate Survey package to version 8.0.13 or 7.0.32\n<br>"}], "value": "Update Survey package to version 8.0.13 or 7.0.32\n\n"}], "source": {"advisory": "OSA-2023-06", "defect": ["Issue#769", "Ticket#2023020942001367"], "discovery": "EXTERNAL"}, "title": "XSS stored in survey answers", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:30:12.921Z"}, "title": "CVE Program Container", "references": [{"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-06/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-17T13:01:44.457515Z", "id": "CVE-2023-38057", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-17T13:02:55.563Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-06/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:30:12.921Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-38057", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-17T13:01:44.457515Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-17T13:02:48.600Z"}}], "cna": {"title": "XSS stored in survey answers", "source": {"defect": ["Issue#769", "Ticket#2023020942001367"], "advisory": "OSA-2023-06", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Special thanks to Daniel Mizael, Raphael Fiorin and Marcelo Makotofrom for reporting these vulnerability."}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OTRS AG", "product": "OTRS", "versions": [{"status": "affected", "version": "7.0.x", "lessThan": "7.0.32", "versionType": "Patch"}, {"status": "affected", "version": "8.0.x", "lessThan": "8.0.13", "versionType": "Patch"}], "packageName": "Survey", "defaultStatus": "affected"}, {"vendor": "OTRS AG", "product": "((OTRS)) Community Edition", "versions": [{"status": "affected", "version": "6.0.x", "versionType": "All", "lessThanOrEqual": "6.0.22"}], "packageName": "Survey", "defaultStatus": "affected"}], "solutions": [{"lang": "en", "value": "Update Survey package to version 8.0.13 or 7.0.32\n\n", "supportingMedia": [{"type": "text/html", "value": "\nUpdate Survey package to version 8.0.13 or 7.0.32\n<br>", "base64": false}]}], "datePublic": "2023-07-24T07:00:00.000Z", "references": [{"url": "https://otrs.com/release-notes/otrs-security-advisory-2023-06/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent.\nThis issue affects OTRS Survey module from 7.0.X before 7.0.32, from 8.0.X before 8.0.13 and ((OTRS)) Community Edition Survey module from 6.0.X through 6.0.22.\n\n", "supportingMedia": [{"type": "text/html", "value": "An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent.<br><p>This issue affects OTRS Survey module from 7.0.X before 7.0.32, from 8.0.X before 8.0.13 and ((OTRS)) Community Edition Survey module from 6.0.X through 6.0.22.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "configurations": [{"lang": "en", "value": "Free text answers have to be used\n", "supportingMedia": [{"type": "text/html", "value": "Free text answers have to be used<br>", "base64": false}]}], "providerMetadata": {"orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8", "shortName": "OTRS", "dateUpdated": "2023-07-24T08:27:55.315Z"}}}, "cveMetadata": {"cveId": "CVE-2023-38057", "state": "PUBLISHED", "dateUpdated": "2024-10-17T13:02:55.563Z", "dateReserved": "2023-07-12T08:05:38.780Z", "assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8", "datePublished": "2023-07-24T08:27:55.315Z", "assignerShortName": "OTRS"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:otrs:survey:*:*:*:*:community:*:*:*", "matchCriteriaId": "2C028891-8D6D-487A-B1A8-F7635C679067", "versionEndIncluding": "6.0.22", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:survey:*:*:*:*:-:*:*:*", "matchCriteriaId": "1DA2C542-3BDD-4E5C-870B-C9FE32BE6B70", "versionEndExcluding": "7.0.32", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:otrs:survey:*:*:*:*:-:*:*:*", "matchCriteriaId": "223E24C7-C368-4822-9BDF-BF5403113847", "versionEndExcluding": "8.0.13", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent.\nThis issue affects OTRS Survey module from 7.0.X before 7.0.32, from 8.0.X before 8.0.13 and ((OTRS)) Community Edition Survey module from 6.0.X through 6.0.22.\n\n"}], "id": "CVE-2023-38057", "lastModified": "2024-11-21T08:12:45.987", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 1.4, "source": "security@otrs.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-24T09:15:09.927", "references": [{"source": "security@otrs.com", "tags": ["Vendor Advisory"], "url": "https://otrs.com/release-notes/otrs-security-advisory-2023-06/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://otrs.com/release-notes/otrs-security-advisory-2023-06/"}], "sourceIdentifier": "security@otrs.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@otrs.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}