Security Advisory 2017-01: Security Update for OTRS Business Solution™

OTRS Group is the world’s leading provider of the OTRS service management suite, including the fully managed OTRS solution and the ITIL® V3-compliant IT service management software OTRS::ITSM.


January 24, 2017 — Please read carefully and check if the version of your OTRS system is affected by this vulnerability.

Please send information regarding vulnerabilities in OTRS to:


Security Advisory Details


  • ID: OSA-2017-01
  • Date: 2017-01-24
  • Title: XSS Vulnerability in OTRS Business Solution
  • Severity: 3.2 low
  • Product: OTRS Business Solution™ 5.0.x (OTRS Business Solution 5 and OTRS Business Solution 5s)
  • Fixed in: OTRS Business Solution 5.0.15 (OTRS Business Solution 5s)
  • References:


Vulnerability Description


This advisory covers vulnerabilities discovered in the OTRS Business Solution™.


Information Disclosure


  • An attacker could use the chat to send a message that could lead to the execution of JavaScript in the OTRS context.


Affected by this vulnerability are all releases of OTRS Business Solution™ 5.0.x up to and including 5.0.14.

This vulnerability is fixed in the latest versions of OTRS Business Solution™, and it is recommended to upgrade via the OTRS Business Solution™ management module in the admin area of OTRS.


  • pub 2048R/9C227C6B 2011-03-21 [expires at: 2017-08-20]
  • uid OTRS Security Team <>
  • GPG Fingerprint E330 4608 DA6E 34B7 1551 C244 7F9E 44E9 9C22 7C6B