
ZSA-2020-12

jQuery version 3.4.1 is vulnerable to cross-site scripting

Problem

OTRS uses the JavaScript library jQuery in version 3.4.1. This version is vulnerable to cross-site scripting (XSS).

Solution

Upgrade to the latest available OTRS patch level (https://ftp.otrs.org/pub/otrs/).

Workaround

The official fix for this issue changes more than 40 files in OTRS. Therefore, there is no workaround. Your OTRS installation must be updated to version 6.0.30.

ATTENTION: Please check if you have any files in your OTRS installation that have been changed by additional add-ons. In that case you MUST NOT update your OTRS. Please contact us instead.

References