UBUNTU-CVE-2023-5421

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2023-5421

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-5421.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-5421

Upstream

CVE-2023-5421

Published

2023-10-16T09:15:00Z

Modified

2026-01-20T18:26:53.449161Z

Severity

3.5 (Low) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N CVSS Calculator
Ubuntu - low

Summary

[none]

Details

An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediatly after the data is saved.The issue onlyoccurs if the configuration for AdminCustomerUser::UseAutoComplete was changed before. This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.

References

Affected packages

Ubuntu:16.04:LTS

otrs2

Package

Name: otrs2
Purl: pkg:deb/ubuntu/otrs2@5.0.7-1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.0.10-1

5.*

5.0.1-1

5.0.1-2

5.0.2-1

5.0.3-1

5.0.5-1

5.0.6-1

5.0.7-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.0.7-1",
            "binary_name": "otrs"
        },
        {
            "binary_version": "5.0.7-1",
            "binary_name": "otrs2"
        }
    ],
    "priority_reason": "Requires a non-default configuration to be vulnerable"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-5421.json"

Ubuntu:18.04:LTS

otrs2

Package

Name: otrs2
Purl: pkg:deb/ubuntu/otrs2@6.0.5-1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.0.23-1

5.0.24-1

6.*

6.0.1-1

6.0.2-1

6.0.3-1

6.0.4-1

6.0.5-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "6.0.5-1",
            "binary_name": "otrs"
        },
        {
            "binary_version": "6.0.5-1",
            "binary_name": "otrs2"
        }
    ],
    "priority_reason": "Requires a non-default configuration to be vulnerable"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-5421.json"

Ubuntu:20.04:LTS

otrs2

Package

Name: otrs2
Purl: pkg:deb/ubuntu/otrs2@6.0.26-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.0.20-1

6.0.23-2

6.0.24-1

6.0.25-1

6.0.25-2

6.0.25-3

6.0.26-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "6.0.26-1",
            "binary_name": "otrs"
        },
        {
            "binary_version": "6.0.26-1",
            "binary_name": "otrs2"
        }
    ],
    "priority_reason": "Requires a non-default configuration to be vulnerable"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-5421.json"

Ubuntu:22.04:LTS

otrs2

Package

Name: otrs2
Purl: pkg:deb/ubuntu/otrs2@6.2.2-2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.0.32-6

6.1.2-1

6.2.1-1

6.2.2-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "6.2.2-2",
            "binary_name": "otrs2"
        }
    ],
    "priority_reason": "Requires a non-default configuration to be vulnerable"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-5421.json"

Ubuntu:24.04:LTS

znuny

Package

Name: znuny
Purl: pkg:deb/ubuntu/znuny@6.5.6-1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.5.3-1

6.5.4-1

6.5.5-1

6.5.6-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "6.5.6-1",
            "binary_name": "otrs2"
        },
        {
            "binary_version": "6.5.6-1",
            "binary_name": "znuny"
        }
    ],
    "priority_reason": "Requires a non-default configuration to be vulnerable"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-5421.json"

Ubuntu:25.10

znuny

Package

Name: znuny
Purl: pkg:deb/ubuntu/znuny@6.5.15-2?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.5.14-1

6.5.15-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "6.5.15-2",
            "binary_name": "otrs2"
        },
        {
            "binary_version": "6.5.15-2",
            "binary_name": "znuny"
        }
    ],
    "priority_reason": "Requires a non-default configuration to be vulnerable"
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-5421.json"