CVE-2020-1771 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-1771 Interim 1 16 2025-02-17T01:43:54Z current 2021-05-30T14:35:14Z 2025-02-17T01:43:54Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-1771 Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link, JavaScript code is executed due to the missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HV3MGQ2UEPGYIRJRUZLM3IXFHMD2WSCZ/ E-Mail link for openSUSE-SU-2020:0551-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3LYOX4CJJPHH5WJGU4WJCXSIRJ5YPPB7/ E-Mail link for openSUSE-SU-2020:1475-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/S5NKKTAPXGTZI4XHFQ7KLWHRJLJIOZSW/ E-Mail link for openSUSE-SU-2020:1509-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 15 SUSE Package Hub 15 SP1 SUSE Package Hub 15 SP2 openSUSE Leap 15.1 openSUSE Leap 15.2 otrs-5.0.42-bp150.2.10.1 otrs-6.0.29-bp151.3.6.2 otrs-6.0.29-bp152.2.8.1 otrs-6.0.29-lp151.2.6.2 otrs-6.0.29-lp152.2.3.4 otrs-doc-5.0.42-bp150.2.10.1 otrs-doc-6.0.29-bp151.3.6.2 otrs-doc-6.0.29-bp152.2.8.1 otrs-doc-6.0.29-lp151.2.6.2 otrs-doc-6.0.29-lp152.2.3.4 otrs-itsm-5.0.42-bp150.2.10.1 otrs-itsm-6.0.29-bp151.3.6.2 otrs-itsm-6.0.29-bp152.2.8.1 otrs-itsm-6.0.29-lp151.2.6.2 otrs-itsm-6.0.29-lp152.2.3.4 otrs-5.0.42-bp150.2.10.1 as a component of SUSE Package Hub 15 otrs-doc-5.0.42-bp150.2.10.1 as a component of SUSE Package Hub 15 otrs-itsm-5.0.42-bp150.2.10.1 as a component of SUSE Package Hub 15 otrs-6.0.29-bp151.3.6.2 as a component of SUSE Package Hub 15 SP1 otrs-doc-6.0.29-bp151.3.6.2 as a component of SUSE Package Hub 15 SP1 otrs-itsm-6.0.29-bp151.3.6.2 as a component of SUSE Package Hub 15 SP1 otrs-6.0.29-bp152.2.8.1 as a component of SUSE Package Hub 15 SP2 otrs-doc-6.0.29-bp152.2.8.1 as a component of SUSE Package Hub 15 SP2 otrs-itsm-6.0.29-bp152.2.8.1 as a component of SUSE Package Hub 15 SP2 otrs-6.0.29-lp151.2.6.2 as a component of openSUSE Leap 15.1 otrs-doc-6.0.29-lp151.2.6.2 as a component of openSUSE Leap 15.1 otrs-itsm-6.0.29-lp151.2.6.2 as a component of openSUSE Leap 15.1 otrs-6.0.29-lp152.2.3.4 as a component of openSUSE Leap 15.2 otrs-doc-6.0.29-lp152.2.3.4 as a component of openSUSE Leap 15.2 otrs-itsm-6.0.29-lp152.2.3.4 as a component of openSUSE Leap 15.2 Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link, JavaScript code is executed due to the missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. CVE-2020-1771 SUSE Package Hub 15:otrs-5.0.42-bp150.2.10.1 SUSE Package Hub 15:otrs-doc-5.0.42-bp150.2.10.1 SUSE Package Hub 15:otrs-itsm-5.0.42-bp150.2.10.1 SUSE Package Hub 15 SP1:otrs-6.0.29-bp151.3.6.2 SUSE Package Hub 15 SP1:otrs-doc-6.0.29-bp151.3.6.2 SUSE Package Hub 15 SP1:otrs-itsm-6.0.29-bp151.3.6.2 SUSE Package Hub 15 SP2:otrs-6.0.29-bp152.2.8.1 SUSE Package Hub 15 SP2:otrs-doc-6.0.29-bp152.2.8.1 SUSE Package Hub 15 SP2:otrs-itsm-6.0.29-bp152.2.8.1 openSUSE Leap 15.1:otrs-6.0.29-lp151.2.6.2 openSUSE Leap 15.1:otrs-doc-6.0.29-lp151.2.6.2 openSUSE Leap 15.1:otrs-itsm-6.0.29-lp151.2.6.2 openSUSE Leap 15.2:otrs-6.0.29-lp152.2.3.4 openSUSE Leap 15.2:otrs-doc-6.0.29-lp152.2.3.4 openSUSE Leap 15.2:otrs-itsm-6.0.29-lp152.2.3.4 moderate 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N