CVE-2019-9751

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-9751

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9751.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-9751

Downstream

DEBIAN-CVE-2019-9751

Published

2019-03-13T22:29:00.630Z

Modified

2026-03-14T09:44:20.091674Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm.

References

https://community.otrs.com/security-advisory-2019-02-security-update-for-otrs-framework

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9751.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "6.0.0"
            },
            {
                "fixed": "6.0.17"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "7.0.0"
            },
            {
                "fixed": "7.0.5"
            }
        ]
    }
]