CVE-2023-38057


An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject JavaScript code in free text answers. This allows a cross-site scripting attack while reading the replies as an authenticated agent. This issue affects OTRS Survey module from 7.0.X before 7.0.32, from 8.0.X before 8.0.13 and ((OTRS)) Community Edition Survey module from 6.0.X through 6.0.22.


Published: 2023-07-24T09:15:09.927

Last Modified: 2024-11-21T08:12:45.987

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 4.1 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-20
  • Type: Primary
    CWE-79

Affected Vendors & Products
Type         Vendor  Product  Version/Range  Vulnerable?
Application  otrs    survey   ≤ 6.0.22       Yes
Application  otrs    survey   < 7.0.32       Yes
Application  otrs    survey   < 8.0.13       Yes
