CVE-2021-21441
PUBLISHED
There is an XSS vulnerability in the ticket overview screens. It is possible to collect various information by having an e-mail shown in the overview screen. The attack can be performed by sending a specially crafted e-mail to the system, and it doesn't require any user interaction. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions.
EPSS 0.30% · 53.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | otrs2 | 5.0.23-1, 5.0.24-1, 6.0.1-1 |
| Ubuntu:20.04:LTS | otrs2 | 6.0.26-1, 0, 6.0.20-1 |
| Ubuntu:16.04:LTS | otrs2 | 5.0.5-1, 0, 5.0.1-1 |
| Ubuntu:22.04:LTS | otrs2 | 6.0.32-6, 6.1.2-1, 6.2.1-1 |
Timeline
- Jun 16, 2021 CVE Published
- Jun 17, 2021 EPSS Score
- Aug 17, 2021 EPSS Score
- Oct 17, 2021 EPSS Score
- Dec 16, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 15, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 16, 2022 EPSS Score
- Jun 16, 2022 EPSS Score
- Aug 16, 2022 EPSS Score
- Oct 16, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-21441 third-party-advisory
- https://otrs.com/release-notes/otrs-security-advisory-2021-11/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-21441 third-party-advisory