### [CVE-2020-1771](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1771)
![](https://img.shields.io/static/v1?label=Product&message=((OTRS))%20Community%20Edition&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=OTRS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=6.0.x%3C%3D%206.0.26%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=7.0.x%3C%3D%207.0.15%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-site%20Scripting%20(XSS)&color=brighgreen)
### Description
An attacker is able to craft an article with a link to the customer address book with malicious content (JavaScript). When an agent opens the link, the JavaScript code is executed due to the missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/Live-Hack-CVE/CVE-2020-1771