CVE-2024-43443

Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the Process Management targeting other admins. This issue affects: * OTRS from 7.0.X through 7.0.50 * OTRS 8.0.X * OTRS 2023.X * OTRS from 2024.X through 2024.5.X * ((OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://otrs.com/release-notes/otrs-security-advisory-2024-11/

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) La neutralización inadecuada de la entrada realizada por un atacante con privilegios de administrador ("Cross-site Scripting") en Process Management modules of OTRS and ((OTRS)) Community Edition permite Cross-Site Scripting (XSS) dentro de Process Management dirigido a otros administradores. Este problema afecta a: * OTRS desde 7.0.X hasta 7.0.50 * OTRS 8.0.X * OTRS 2023.X * OTRS desde 2024.X hasta 2024.5.X * ((OTRS)) Edición comunitaria: 6.0.x Productos basados en ((OTRS)) Community Edition también es muy probable que se vea afectada

26 Aug 2024, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-26 09:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-43443

Mitre link : CVE-2024-43443

CVE.ORG link : CVE-2024-43443

JSON object : View

Products Affected

No product.

CWE

CWE-790

Improper Filtering of Special Elements

4.9 /10