ID CVE-2005-3894
Summary Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters.
References
Vulnerable Configurations
  • cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 20-07-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 15537
bugtraq 20051122 OTRS 1.x/2.x Multiple Security Issues
confirm http://otrs.org/advisory/OSA-2005-01-en/
debian DSA-973
fulldisc 20051122 OTRS 1.x/2.x Multiple Security Issues
misc http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt
osvdb 21067
sectrack 1015262
secunia
  • 17685
  • 18101
  • 18887
suse SUSE-SR:2005:030
vupen ADV-2005-2535
xf
  • otrs-index-xss(23359)
  • otrs-queue-selection-xss(23356)
Last major update 20-07-2017 - 01:29
Published 29-11-2005 - 21:03
Last modified 20-07-2017 - 01:29
Back to Top