Security Advisory OTRSCE-SA-2024-01

  • Severity: high
  • Products affected: OTRS Community Edition
  • Versions affected: all versions prior to and including 6.0.40

In OTRS Community Edition version 6.0.40 and earlier, through a crafted URL, an attacker can inject malicious input into the HTTP response, leading to HTTP Response Splitting and Cross-Site Scripting (XSS) attacks, potentially compromising user information and the integrity of the application.
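To make the defect class concrete, the following Python is an added illustration written for this advisory; it is not OTRS code and does not reproduce the OTRS code path. It shows a minimal redirect-header builder that passes a URL-derived value straight into a header (the response-splitting pattern the advisory describes), the hardened variant that rejects CR, LF and NUL before the value reaches a header, and a small log-review helper that flags query parameters carrying encoded or double-encoded line breaks. All function and parameter names (`vulnerable_redirect_headers`, `hardened_redirect_headers`, `find_crlf_in_query`, the `next` parameter in the sample URL) are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Hypothetical example code; none of these names come from OTRS.

class HeaderInjectionError(ValueError):
    """Raised when a header value contains characters that would end the header."""


def vulnerable_redirect_headers(target: str) -> bytes:
    """Build a 302 response head without validating `target`.

    If `target` contains a CR/LF pair, the Location header is terminated early
    and whatever follows becomes additional headers or a body: this is the
    HTTP response splitting pattern described in the advisory.
    """
    return f"HTTP/1.1 302 Found\r\nLocation: {target}\r\n\r\n".encode("latin-1")


# Characters that must never appear inside a header value.
_FORBIDDEN = re.compile(r"[\r\n\x00]")


def safe_header_value(value: str) -> str:
    """Return `value` unchanged, or raise if it could split the header block.

    Rejecting is preferable to silently stripping: a stripped value may still
    not be the one the caller intended, and the rejection is itself a useful
    signal to log.
    """
    if _FORBIDDEN.search(value):
        raise HeaderInjectionError("CR, LF or NUL not permitted in header value")
    return value


def hardened_redirect_headers(target: str) -> bytes:
    """Same response head as above, but the value is validated first."""
    return (
        f"HTTP/1.1 302 Found\r\nLocation: {safe_header_value(target)}\r\n\r\n"
    ).encode("latin-1")


def count_headers(raw: bytes) -> int:
    """Number of header lines in a response head (status line excluded).

    Used to observe the effect of splitting: a single Location header should
    yield 1; an injected line raises the count.
    """
    head = raw.split(b"\r\n\r\n", 1)[0]
    return len(head.split(b"\r\n")) - 1


def find_crlf_in_query(url: str) -> list[str]:
    """Log-review helper: names of query parameters whose decoded value
    contains a line break. parse_qs decodes once; unquote() is applied a
    second time so double-encoded %250d%250a is caught as well."""
    hits = []
    for name, values in parse_qs(urlsplit(url).query, keep_blank_values=True).items():
        if any(_FORBIDDEN.search(v) or _FORBIDDEN.search(unquote(v)) for v in values):
            hits.append(name)
    return hits


if __name__ == "__main__":
    # Constructed sample value: a relative path followed by an extra header line.
    crafted = "/home\r\nX-Injected: 1"
    print(count_headers(vulnerable_redirect_headers(crafted)))   # 2: header was split
    try:
        hardened_redirect_headers(crafted)
    except HeaderInjectionError as exc:
        print("rejected:", exc)
    # Constructed sample request line as it might appear in an access log.
    print(find_crlf_in_query("https://example.invalid/index.pl?page=home&next=%2Fhome%0d%0aX-Injected:%201"))
```

The detection helper is deliberately narrow: it only looks at the query string, so a value arriving via a path segment or a POST body would need the same check applied to that source. The point of the hardened builder is that the validation sits at the boundary where the value becomes a header, independent of which request parameter it came from.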

Users of the affected versions are encouraged to upgrade OTRS Community Edition to the most recent version (6.0.41).

Thanks to XBOW Security for reporting this vulnerability.