ID CVE-2005-3895
Summary Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary web script or HTML. NOTE: this particular issue is referred to as XSS by some sources.
References
Vulnerable Configurations
  • cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:otrs:otrs:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:otrs:otrs:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:otrs:otrs:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:otrs:otrs:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:otrs:otrs:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:otrs:otrs:2.0.3:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 20-07-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
refmap via4
bid 15537
bugtraq 20051122 OTRS 1.x/2.x Multiple Security Issues
confirm http://otrs.org/advisory/OSA-2005-01-en/
debian DSA-973
fulldisc 20051122 OTRS 1.x/2.x Multiple Security Issues
misc http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt
osvdb 21066
secunia
  • 17685
  • 18101
  • 18887
sreason 200
suse SUSE-SR:2005:030
vupen ADV-2005-2535
xf otrs-email-attachment-xss(23355)
Last major update 20-07-2017 - 01:29
Published 29-11-2005 - 21:03
Back to Top