CVE-2022-39049 Information

Description

An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS.

Reference

https://otrs.com/release-notes/otrs-security-advisory-2022-10/