Upstream information

CVE-2021-21442 at MITRE

Description

In the project create screen it's possible to inject malicious JS code to the certain fields. The code might be executed in the Reporting screen. This issue affects: OTRS AG Time Accounting: 7.0.x versions prior to 7.0.19.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having low severity.

SUSE Bugzilla entry: 1188738 [RESOLVED / INVALID]

No SUSE Security Announcements cross referenced.