Low severity2.0NVD Advisory· Published Jan 10, 2020· Updated Jun 17, 2026
CVE-2020-1766
CVE-2020-1766
Description
Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9- Range: <=5.0.39, <=6.0.24, <=7.0.13
- osv-coords5 versionspkg:rpm/opensuse/otrs&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/otrs&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/otrs&distro=SUSE%20Package%20Hub%2015pkg:rpm/suse/otrs&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/otrs&distro=SUSE%20Package%20Hub%2015%20SP2
< 5.0.42-bp151.3.3.1+ 4 more
- (no CPE)range: < 5.0.42-bp151.3.3.1
- (no CPE)range: < 6.0.29-bp152.2.5.4
- (no CPE)range: < 5.0.42-bp151.3.3.1
- (no CPE)range: < 5.0.42-bp151.3.3.1
- (no CPE)range: < 6.0.29-bp152.2.5.4
- OTRS AG/((OTRS)) Community Editionv5Range: 5.0.x version 5.0.39 and prior versions
Patches
Vulnerability mechanics
References
6- otrs.com/release-notes/otrs-security-advisory-2020-02/nvdPatchVendor Advisory
- lists.debian.org/debian-lts-announce/2020/01/msg00027.htmlnvdMailing ListNot ApplicableThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.htmlnvdBroken Link
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.htmlnvdBroken Link
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.htmlnvdBroken Link
- lists.debian.org/debian-lts-announce/2023/08/msg00040.htmlnvd
News mentions
0No linked articles in our index yet.