Medium severity5.4NVD Advisory· Published Mar 13, 2019· Updated Jun 17, 2026
CVE-2019-9752
CVE-2019-9752
Description
An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- Range: <5.0.34, <6.0.16, <7.0.4
- osv-coords5 versionspkg:rpm/opensuse/otrs&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/otrs&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/otrs&distro=SUSE%20Package%20Hub%2015pkg:rpm/suse/otrs&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/otrs&distro=SUSE%20Package%20Hub%2015%20SP2
< 5.0.42-bp151.3.3.1+ 4 more
- (no CPE)range: < 5.0.42-bp151.3.3.1
- (no CPE)range: < 6.0.29-bp152.2.5.4
- (no CPE)range: < 5.0.42-bp151.3.3.1
- (no CPE)range: < 5.0.42-bp151.3.3.1
- (no CPE)range: < 6.0.29-bp152.2.5.4
Patches
Vulnerability mechanics
References
5- community.otrs.com/security-advisory-2019-01-security-update-for-otrs-frameworknvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2019/03/msg00023.htmlnvdMailing ListThird Party Advisory
News mentions
0No linked articles in our index yet.