survey-module
Fixed in
6.0.21
7.0.20
CVE-2021-21434 describes a cross-site scripting (XSS) vulnerability within the Survey Module of OTRS. An attacker, specifically a malicious survey administrator, can craft a survey designed to execute arbitrary JavaScript code within the agent interface when another agent views or interacts with the survey. This vulnerability affects OTRS Survey versions 6.0.x prior to 6.0.20 and 7.0.x prior to 7.0.19. A patch is available to resolve this issue.
The primary impact of this XSS vulnerability lies in the potential for an attacker to execute malicious JavaScript code within the context of an authenticated agent's session. This could lead to several harmful outcomes, including session hijacking, credential theft (e.g., stealing agent passwords), redirection to phishing sites, and defacement of the agent interface. The attacker could potentially gain access to sensitive customer data or internal OTRS systems if the agent has elevated privileges. While the CVSS score is LOW, the potential for targeted attacks against specific agents within an organization makes this a concerning vulnerability, particularly in environments where agents handle sensitive information.
CVE-2021-21434 was publicly disclosed on February 8, 2021. There is no indication of active exploitation campaigns targeting this vulnerability at this time. It is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are available, demonstrating the ease with which the vulnerability can be triggered.
Organizations utilizing OTRS Survey for customer support or issue tracking are at risk. Specifically, environments where survey administrators have broad permissions and agents handle sensitive data are particularly vulnerable. Shared hosting environments where multiple customers share the same OTRS instance could also be affected if one customer's survey is malicious.
• php: Examine survey templates for suspicious JavaScript code or encoded characters. Use grep to search for patterns like <script> or javascript: within survey data.
grep -r '<script' /var/www/otrs/survey/templates
• generic web: Monitor access logs for requests containing unusual or encoded characters in survey parameters. Look for POST requests to survey endpoints with suspicious data.
curl -s 'https://your-otrs-instance/survey/index.php?action=view&id=123' > /tmp/survey_request.txt
grep -i 'javascript:' /tmp/survey_request.txt
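The single grep above only catches a literal lower-case <script. The following POSIX shell script is an added example (not code from the page or from OTRS) that generalises the same check to a triage scan over a directory of exported survey templates: it matches case-insensitively, adds javascript: URLs and inline event-handler attributes, and also catches HTML-entity and numeric-entity encodings of <script, which the page's note about "encoded characters" refers to. The directory layout (one template per file) and the sample files are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not OTRS code: heuristic scan of exported survey templates
# for markup that should never appear in attacker-controllable survey text.

# Patterns flagged (case-insensitive):
#   <script ...>                    raw script tag
#   javascript:                     script URL scheme
#   on<name>=                       inline event handler attribute (heuristic;
#                                   may flag prose such as "one=" and needs review)
#   &lt;script / &#60;script / &#x3c;script   entity-encoded script tag
SURVEY_XSS_PATTERN='<script|javascript:|(^|[^[:alnum:]])on[a-z]+[[:space:]]*=|&lt;script|&#0*60;script|&#x0*3c;script'

# scan_survey_dir DIR
# Writes "file:line:text" for every hit to stderr and prints the number of
# flagged files to stdout, so the count can be consumed by a caller.
scan_survey_dir() {
    dir=$1
    count=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if grep -iqE "$SURVEY_XSS_PATTERN" "$f"; then
            grep -inE "$SURVEY_XSS_PATTERN" "$f" | sed "s|^|$f:|" >&2
            count=$((count + 1))
        fi
    done
    echo "$count"
}

# make_sample_surveys DIR
# Creates three constructed template files: one benign, one with an upper-case
# script tag, one with an entity-encoded script tag. Sample data only.
make_sample_surveys() {
    dir=$1
    printf 'How satisfied are you with the response time? Rate from 1 to 5.\n' > "$dir/q1_benign.txt"
    printf 'Thank you for your feedback <SCRIPT>/* constructed sample */</SCRIPT>\n' > "$dir/q2_script.txt"
    printf 'Rate us: &lt;script&gt;/* constructed sample */&lt;/script&gt;\n' > "$dir/q3_encoded.txt"
}

# Usage: ./scan_surveys.sh /path/to/exported/templates
if [ $# -ge 1 ]; then
    flagged=$(scan_survey_dir "$1")
    echo "flagged files: $flagged"
fi
```

Run it against an export of the survey templates rather than the live database; hits go to stderr for review and the exit of the loop leaves the count on stdout, which is what a scheduled job can alert on. The event-handler pattern is deliberately loose and is meant for human triage, not automatic blocking.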
Exploit status
EPSS
0.36% (percentile 58%)
CVSS vector
The recommended mitigation for CVE-2021-21434 is to upgrade to a patched version of OTRS Survey. OTRS AG has released fixes for versions 6.0.20 and later for the 6.0.x series, and 7.0.19 and later for the 7.0.x series. If immediate upgrading is not feasible, consider implementing strict input validation and output encoding within the survey creation process to prevent the injection of malicious scripts. Web application firewalls (WAFs) configured to detect and block XSS payloads can also provide an additional layer of defense. Regularly review survey templates for suspicious code.
Update the Survey module to version 6.0.21 or 7.0.20, or to a later version. This fixes the XSS vulnerability that allows malicious code to execute in the agent interface.
CVE-2021-21434 is a cross-site scripting (XSS) vulnerability in the OTRS Survey module, allowing malicious code execution in the agent interface through crafted surveys.
You are affected if you are running OTRS Survey versions 6.0.x prior to 6.0.20 or 7.0.x prior to 7.0.19.
Upgrade to OTRS Survey version 6.0.20 or later for the 6.0.x series, or 7.0.19 or later for the 7.0.x series. Implement input validation and output encoding as a temporary workaround.
There is no current evidence of active exploitation campaigns targeting this vulnerability, but public proof-of-concept exploits exist.
Refer to the official OTRS security advisory: https://otrs.com/security-advisories/otrs-survey-xss-vulnerability/