cvelist/2022/0xxx/CVE-2022-0473.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security@otrs.com",
        "DATE_PUBLIC": "2022-02-07T09:00:00.000Z",
        "ID": "CVE-2022-0473",
        "STATE": "PUBLIC",
        "TITLE": "Dynamic field error message is vulnerable to XSS"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "OTRS",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_name": "7.0.x",
                                            "version_value": "7.0.31"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "OTRS AG"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be exectued in the browser. \nThis issue affects:\nOTRS AG OTRS\n7.0.x version: 7.0.31 and prior versions."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.9"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://otrs.com/release-notes/otrs-security-advisory-2022-01/",
                "refsource": "CONFIRM",
                "url": "https://otrs.com/release-notes/otrs-security-advisory-2022-01/"
            }
        ]
    },
    "solution": [
        {
            "lang": "eng",
            "value": "Update to OTRS 7.0.32"
        }
    ],
    "source": {
        "advisory": "OSA-2022-01",
        "defect": [
            "2021093042002361"
        ],
        "discovery": "USER"
    }
}
"-Synchronized-Data." 2022-02-02 08:01:07 +00:00			`{`
			`"CVE_data_meta": {`
Added OSA for 2022-02-07 2022-02-07 11:18:36 +01:00			`"ASSIGNER": "security@otrs.com",`
			`"DATE_PUBLIC": "2022-02-07T09:00:00.000Z",`
"-Synchronized-Data." 2022-02-02 08:01:07 +00:00			`"ID": "CVE-2022-0473",`
Added OSA for 2022-02-07 2022-02-07 11:18:36 +01:00			`"STATE": "PUBLIC",`
			`"TITLE": "Dynamic field error message is vulnerable to XSS"`
"-Synchronized-Data." 2022-02-02 08:01:07 +00:00			`},`
Added OSA for 2022-02-07 2022-02-07 11:18:36 +01:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "OTRS",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<=",`
			`"version_name": "7.0.x",`
			`"version_value": "7.0.31"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "OTRS AG"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2022-02-02 08:01:07 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
Added OSA for 2022-02-07 2022-02-07 11:18:36 +01:00			`"value": "OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be exectued in the browser. \nThis issue affects:\nOTRS AG OTRS\n7.0.x version: 7.0.31 and prior versions."`
			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.0.9"`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 3.8,`
			`"baseSeverity": "LOW",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "LOW",`
			`"privilegesRequired": "HIGH",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-79 Cross-site Scripting (XSS)"`
			`}`
			`]`
"-Synchronized-Data." 2022-02-02 08:01:07 +00:00			`}`
			`]`
Added OSA for 2022-02-07 2022-02-07 11:18:36 +01:00			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://otrs.com/release-notes/otrs-security-advisory-2022-01/",`
			`"refsource": "CONFIRM",`
			`"url": "https://otrs.com/release-notes/otrs-security-advisory-2022-01/"`
			`}`
			`]`
			`},`
			`"solution": [`
			`{`
			`"lang": "eng",`
			`"value": "Update to OTRS 7.0.32"`
			`}`
			`],`
			`"source": {`
			`"advisory": "OSA-2022-01",`
			`"defect": [`
			`"2021093042002361"`
			`],`
			`"discovery": "USER"`
"-Synchronized-Data." 2022-02-02 08:01:07 +00:00			`}`
			`}`