{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2023-38057","title":"Title"},{"category":"description","text":"An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent.\nThis issue affects OTRS Survey module from 7.0.X before 7.0.32, from 8.0.X before 8.0.13 and ((OTRS)) Community Edition Survey module from 6.0.X through 6.0.22.\n\n","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2023-38057","url":"https://www.suse.com/security/cve/CVE-2023-38057"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1213597 for CVE-2023-38057","url":"https://bugzilla.suse.com/1213597"}],"title":"SUSE CVE CVE-2023-38057","tracking":{"current_release_date":"2025-02-16T06:13:32Z","generator":{"date":"2023-07-25T02:18:35Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2023-38057","initial_release_date":"2023-07-25T02:18:35Z","revision_history":[{"date":"2023-07-25T02:18:35Z","number":"2","summary":"Current version"},{"date":"2025-01-01T02:00:23Z","number":"3","summary":"Current version"},{"date":"2025-02-14T06:20:23Z","number":"4","summary":"Current version"},{"date":"2025-02-16T06:13:32Z","number":"5","summary":"Current version"}],"status":"interim","version":"5"}}}