Candidate: CVE-2019-10066
PublicDate: 2019-05-22 00:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10066
 https://community.otrs.com/security-advisory-2019-06-security-update-for-otrs-framework/
Description:
 An issue was discovered in Open Ticket Request System (OTRS) 7.x through
 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar
 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with
 appropriate permissions may create a carefully crafted calendar appointment
 in order to cause execution of JavaScript in the context of OTRS.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N [5.4 MEDIUM]


Patches_otrs2:
upstream_otrs2: released (6.0.18-1)
precise/esm_otrs2: DNE
trusty/esm_otrs2: DNE
xenial_otrs2: not-affected (code not present)
bionic_otrs2: needed
cosmic_otrs2: ignored (reached end-of-life)
disco_otrs2: ignored (reached end-of-life)
eoan_otrs2: not-affected (6.0.18-1)
focal_otrs2: not-affected (6.0.18-1)
groovy_otrs2: not-affected (6.0.18-1)
hirsute_otrs2: not-affected (6.0.18-1)
impish_otrs2: not-affected (6.0.18-1)
jammy_otrs2: not-affected (6.0.18-1)
devel_otrs2: not-affected (6.0.18-1)