CVE-2016-9139
MEDIUM6.1EPSS 0.23%otrs2 - security update
Published: 2/17/2017Modified: 3/9/2026
Also known as:DEBIAN-CVE-2016-9139DLA-787-1
Description
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment.
Affected packages (2)
- Debian/otrs2from 0, < 5.0.14-1
- Debian/otrs2from 0, < 3.1.7+dfsg1-8+deb7u6
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |