Switch language to english
Znuny Professional Services

Der ((OTRS)) Community Edition Fork mit Langzeit-Support (LTS)

Überblick

ZSA-2022-01

Date
2022-03-09
Affected
all versions of Znuny LTS <= 6.0.39, Znuny <= 6.2.2, ((OTRS)) Community Edition <= 6.0.30
Severity
medium
CVE
CVE-2021-41182, CVE-2021-41183, CVE-2021-41184

Prior version 1.13.0. there are some XSS vulnerabilities in jQuery Ui. XSS is possible via the altField option of the Datepicker widget, various *Text options of the Datepicker and the of option of the position() util

The issue is fixed in the current releases Znuny LTS 6.0.40 and Znuny 6.3.1 . All download links can be found in the release notes 6.0.40 / release notes 6.3.

Please update as soon as possible.