OTOBO Release note

OTOBO 10.0.13 – Security Patch

08 October 2021

Security-related:

  • Open redirect in external URL jump.
    If activated, ExternalURLJump provided an open redirect, which could be used in phishing attacks to disguise a link to a malicious website from an unsuspecting user.
  • Possible JavaScript injection in dynamic field error messages.
    An OTOBO admin was able to inject JavaScript code into dynamic field error messages.

Criticality: Low to medium.

Also new:

  • Reactivate Support Data Collector plugin OS::DiskSpace.
  • Several improvements to the OTRS->OTOBO migration and bugfixes.

Please update your system.