Vulnerability Details CVE-2021-21442
In the project create screen, it is possible to inject malicious JS code into certain fields. The code might be executed in the Reporting screen. This issue affects OTRS AG Time Accounting: 7.0.x versions prior to 7.0.19.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.6%
CVSS Severity
CVSS v3 Score 4.5
CVSS v2 Score 4.3
Products affected by CVE-2021-21442
- cpe:2.3:a:otrs:time_accounting:7.0.0
- cpe:2.3:a:otrs:time_accounting:7.0.19