By weakness (CWE)

CWE-116: related vulnerabilities

CVEs classified under CWE-116. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

1 published vulnerability

  • CVE-2026-48209HIGH 7.1

    OTRS ticket management systems contain a reflected cross-site scripting (XSS) vulnerability in how they handle user input during ticket operations. An attacker can craft a malicious URL containing JavaScript code and trick an authenticated agent into clicking it. When opened, the script executes within the agent's browser session, potentially allowing the attacker to steal session tokens, modify tickets, or perform actions on behalf of that agent. The attack requires social engineering to deliver the link but does not require the attacker to have direct system access.