Unrated severityNVD Advisory· Published May 21, 2019· Updated Aug 4, 2024

CVE-2019-10066

Description

An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment in order to cause execution of JavaScript in the context of OTRS.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

OTRS/Open Ticket Request Systemdescription
OTRS/OTRSAppointmentCalendarllm-create
Range: 5.0.x through 5.0.12
OTRS/Open Ticket Request System (OTRS)llm-fuzzy
Range: 7.x through 7.0.6

Patches

Vulnerability mechanics

References

community.otrs.com/security-advisory-2019-06-security-update-for-otrs-framework/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000