{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2022-39050","title":"Title"},{"category":"description","text":"An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external data sources e.g. database or ldap","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2022-39050","url":"https://www.suse.com/security/cve/CVE-2022-39050"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1203131 for CVE-2022-39050","url":"https://bugzilla.suse.com/1203131"}],"title":"SUSE CVE CVE-2022-39050","tracking":{"current_release_date":"2025-02-16T07:17:38Z","generator":{"date":"2023-02-15T03:23:57Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2022-39050","initial_release_date":"2023-02-15T03:23:57Z","revision_history":[{"date":"2023-02-15T03:23:57Z","number":"2","summary":"Current version"},{"date":"2025-01-01T02:55:51Z","number":"3","summary":"Current version"},{"date":"2025-02-14T07:31:52Z","number":"4","summary":"Current version"},{"date":"2025-02-16T07:17:38Z","number":"5","summary":"Current version"}],"status":"interim","version":"5"}}}