Candidate: CVE-2016-9139
PublicDate: 2017-02-17 02:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9139
 https://www.otrs.com/security-advisory-2016-02-security-update-otrs/
 http://www.openwall.com/lists/oss-security/2016/11/01/5
Description:
 Cross-site scripting (XSS) vulnerability in Open Ticket Request System
 (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14
 allows remote attackers to inject arbitrary web script or HTML via a
 crafted attachment.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by: Jakub Żoczek
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]

Patches_otrs2:
upstream_otrs2: needs-triage
precise_otrs2: ignored (reached end-of-life)
precise/esm_otrs2: DNE (precise was needs-triage)
trusty_otrs2: ignored (reached end-of-life)
trusty/esm_otrs2: DNE (trusty was needed)
vivid/stable-phone-overlay_otrs2: DNE
vivid/ubuntu-core_otrs2: DNE
xenial_otrs2: ignored (end of standard support, was needed)
yakkety_otrs2: ignored (reached end-of-life)
zesty_otrs2: ignored (reached end-of-life)
artful_otrs2: ignored (reached end-of-life)
bionic_otrs2: not-affected (5.0.14-1)
cosmic_otrs2: not-affected (5.0.14-1)
disco_otrs2: not-affected (5.0.14-1)
eoan_otrs2: not-affected (5.0.14-1)
focal_otrs2: not-affected (5.0.14-1)
groovy_otrs2: not-affected (5.0.14-1)
hirsute_otrs2: not-affected (5.0.14-1)
impish_otrs2: not-affected (5.0.14-1)
jammy_otrs2: not-affected (5.0.14-1)
devel_otrs2: not-affected (5.0.14-1)