Description
An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
|
 debian 11 | | =2.0.4p01-10 || =2.0.4p01-11 || =2.0.4p01-12 || =2.0.4p01-13 || =2.0.4p01-14 || =2.0.4p01-14.1 || =2.0.4p01-15 || =2.0.4p01-16 || =2.0.4p01-17 || =2.0.4p01-18 || =2.0.4p01-6 || =2.0.4p01-7 || =2.0.4p01-8 || =2.0.4p01-9 || =2.0.99beta1-1 || =2.0.99beta1-2 || =2.1.1-1 || =2.1.3-1 || =2.1.4-1 || =2.1.4-2 || =2.1.5-1 || =2.1.5-2 || =2.1.5-3 || =2.1.6-1 || =2.1.7-1 || =2.1.7-2 || =2.2.0~beta2-1 || =2.2.0~beta3-1 || =2.2.1-1 || =2.2.2-1 || =2.2.3-1 || =2.2.4-1 || =2.2.5-1 || =2.2.5-2 || =2.2.6-1 || =2.2.7-1 || =2.2.7-2 || =2.2.7-2lenny1 || =2.2.7-2lenny2 || =2.2.7-2lenny3 || =2.2.7-3 || =2.3.2-1 || =2.3.2-2 || =2.3.3-1 || =2.3.4-1 || =2.3.4-2 || =2.3.4-3 || =2.3.4-4 || =2.3.4-5 || =2.3.4-6 || =2.3.4-7 || =2.4.10+dfsg1-1 || =2.4.10+dfsg1-2 || =2.4.10+dfsg1-3 || =2.4.5-1 || =2.4.5-2 || =2.4.5-3 || =2.4.5-4 || =2.4.5-5 || =2.4.6-1 || =2.4.6-2 || =2.4.7+dfsg1-1 || =2.4.7-1 || =2.4.7-2 || =2.4.7-3 || =2.4.7-4 || =2.4.7-5 || =2.4.7-6 || =2.4.8+dfsg1-1 || =2.4.9+dfsg1-1 || =2.4.9+dfsg1-2 || =2.4.9+dfsg1-3 || =2.4.9+dfsg1-3+squeeze1 || =2.4.9+dfsg1-3+squeeze3 || =2.4.9+dfsg1-3+squeeze4 || =2.4.9+dfsg1-3+squeeze5 || =2.4.9+dfsg1-4 || =2.4.9+dfsg1-5 || =3.0.10+dfsg1-1 || =3.0.10+dfsg1-2 || =3.0.11+dfsg1-1 || =3.0.8+dfsg1-1 || =3.0.9+dfsg1-1 || =3.1.0~beta4+dfsg1-1 || =3.1.0~beta5+dfsg1-1 || =3.1.0~rc1+dfsg1-1 || =3.1.1+dfsg1-1 || =3.1.1+dfsg1-2 || =3.1.10+dfsg1-1 || =3.1.11+dfsg1-1 || =3.1.12+dfsg1-1 || =3.1.12+dfsg1-2 || =3.1.12+dfsg1-3 || =3.1.2+dfsg1-1 || =3.1.2+dfsg1-2 || =3.1.2+dfsg1-3 || =3.1.3+dfsg1-1 || =3.1.3+dfsg1-2 || =3.1.4+dfsg1-1 || =3.1.5+dfsg1-1 || =3.1.5+dfsg1-2 || =3.1.5+dfsg1-3 || =3.1.6+dfsg1-1 || =3.1.7+dfsg1-1 || =3.1.7+dfsg1-2 || =3.1.7+dfsg1-3 || =3.1.7+dfsg1-4 || =3.1.7+dfsg1-5 || =3.1.7+dfsg1-6 || =3.1.7+dfsg1-7 || =3.1.7+dfsg1-8 || =3.1.8+dfsg1-1 || =3.1.9+dfsg1-1 || =3.2.1+dfsg1-1 || =3.2.10-1 || =3.2.10-2 || =3.2.11-1 || =3.2.11-1~bpo70+1 || =3.2.12-1 || =3.2.2+dfsg1-1 || =3.2.3+dfsg1-1 || =3.2.4-1 || =3.2.5-1 || =3.2.6-1 || =3.2.6-2 || =3.2.7-1 || =3.2.7-2 || =3.2.8-1 || =3.2.9-1 || =3.2.9-2 || =3.3.1-1 || =3.3.10-1 || =3.3.11-1 || =3.3.18-1~deb7u1 || =3.3.18-1~deb7u2 || =3.3.18-1~deb7u3 || =3.3.2-1 || =3.3.3-1 || =3.3.3-2 || =3.3.3-3 || =3.3.4-1 || =3.3.5-1 || =3.3.6-1 || =3.3.7-1 || =3.3.7-2 || =3.3.8-1 || =3.3.9-1 || =3.3.9-2 || =3.3.9-3 || =3.3.9-3~bpo70+1 || =4.0.10-1 || =4.0.11-1 || =4.0.12-1 || =4.0.13-1 || =4.0.13-1~bpo8+1 || =4.0.5-1 || =4.0.5-2 || =4.0.6-1 || =4.0.7-1 || =4.0.7-2 || =4.0.8-1 || =4.0.9-1 || =5.0.1-1 || =5.0.1-2 || =5.0.10-1 || =5.0.10-1~bpo8+1 || =5.0.11-1 || =5.0.12-1 || =5.0.13-1 || =5.0.13-1~bpo8+1 || =5.0.13-2 || =5.0.14-1 || =5.0.14-1~bpo8+1 || =5.0.15-1 || =5.0.16-1 || =5.0.16-1~bpo8+1 || =5.0.17-1 || =5.0.18-1 || =5.0.19-1 || =5.0.2-1 || =5.0.20-1 || =5.0.21-1 || =5.0.21-1~bpo9+1 || =5.0.22-1 || =5.0.23-1 || =5.0.23-1~bpo9+1 || =5.0.24-1 || =5.0.24-1~bpo9+1 || =5.0.3-1 || =5.0.5-1 || =5.0.6-1 || =5.0.6-1~bpo8+1 || =5.0.7-1 || =5.0.8+dfsg1-1 || =5.0.8-1 || =5.0.8-1~bpo8+1 || =5.0.9+dfsg1-1 || =5.0.9+repack1-1 || =6.0.1-1 || =6.0.10-1 || =6.0.11-1 || =6.0.11-1~bpo9+1 || =6.0.12-1 || =6.0.12-1~bpo9+1 || =6.0.13-1 || =6.0.14-1 || =6.0.15-1 || =6.0.2-1 || =6.0.3-1 || =6.0.4-1 || =6.0.5-1 || =6.0.6-1 || =6.0.7-1 || =6.0.8-1 || =6.0.8-1~bpo9+1 || =6.0.9-1 || =6.0.9-1~bpo9+1 || >=0 <6.0.16-1 | 6.0.16-1 |
