ad-password arrow-down-ring arrow-left arrow-right auto-select cog customer-id excel-statistics external-link featured github icn-admin icn-developer icn-evaluierung icn-installation icn-keyuser icn-konzeptionierung icn-master icn-performance icn-review last-contact linkedin map-person messages multi-upload no-eye out-of-office password-guidlines pending-time phone plus proxy-support quick-close search service-catalog setting-search shield sugarcrm-integration tag-cloud ticket-create twitter watch-arrow watchlist xing wechat qq weibo

ZSA-2020-12

jQuery version 3.4.1 is vulnerable to cross-site-scripting.

问题

OTRS uses the JavaScript library jQuery in version 3.4.1. This version is vulnerable to cross-site-scripting (XSS).

临时方案

The official fix for this issue changes more than 40 files in OTRS. Therefore, there is no workaround. Your OTRS installation must be updated to version 6.0.30.

解决方案

Upgrade to the latest available OTRS patch level (download.znuny.org).

ATTENTION: Please check if you have any files in your OTRS installation that have been changed by additional add-ons. In that case you MUST NOT update your OTRS. Please contact us instead.

参考