Candidate: CVE-2022-0473
PublicDate: 2022-02-07 11:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0473
 https://otrs.com/release-notes/otrs-security-advisory-2022-01/
Description:
 OTRS administrators can configure dynamic field and inject malicious
 JavaScript code in the error message of the regular expression check. When
 used in the agent interface, malicious code might be exectued in the
 browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior
 versions.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N [4.8 MEDIUM]


Patches_otrs:
upstream_otrs: needs-triage
trusty_otrs: ignored (out of standard support)
xenial_otrs: ignored (out of standard support)