Medium severity4.6NVD Advisory· Published Mar 27, 2020· Updated Jun 17, 2026
CVE-2020-1771
CVE-2020-1771
Description
Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link, JavaScript code is executed due to the missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9- Range: <=6.0.26
- osv-coords5 versionspkg:rpm/opensuse/otrs&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/otrs&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/otrs&distro=SUSE%20Package%20Hub%2015pkg:rpm/suse/otrs&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/otrs&distro=SUSE%20Package%20Hub%2015%20SP2
< 5.0.42-bp151.3.3.1+ 4 more
- (no CPE)range: < 5.0.42-bp151.3.3.1
- (no CPE)range: < 6.0.29-bp152.2.5.4
- (no CPE)range: < 5.0.42-bp151.3.3.1
- (no CPE)range: < 5.0.42-bp151.3.3.1
- (no CPE)range: < 6.0.29-bp152.2.5.4
- OTRS AG/((OTRS)) Community Editionv5Range: 6.0.x
Patches
Vulnerability mechanics
References
5- otrs.com/release-notes/otrs-security-advisory-2020-08/nvdVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.htmlnvdBroken Link
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.htmlnvdBroken Link
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.htmlnvdBroken Link
- lists.debian.org/debian-lts-announce/2023/08/msg00040.htmlnvd
News mentions
0No linked articles in our index yet.