ID CVE-2005-3895
Summary Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary web script or HTML. NOTE: this particular issue is referred to as XSS by some sources.
References
Vulnerable Configurations
  • Open Ticket Request System (OTRS) 1.0.0
    cpe:2.3:a:otrs:otrs:1.0.0
  • Open Ticket Request System (OTRS) 1.3.2
    cpe:2.3:a:otrs:otrs:1.3.2
  • Open Ticket Request System (OTRS) 2.0.0
    cpe:2.3:a:otrs:otrs:2.0.0
  • Open Ticket Request System (OTRS) 2.0.1
    cpe:2.3:a:otrs:otrs:2.0.1
  • Open Ticket Request System (OTRS) 2.0.2
    cpe:2.3:a:otrs:otrs:2.0.2
  • Open Ticket Request System (OTRS) 2.0.3
    cpe:2.3:a:otrs:otrs:2.0.3
CVSS
Base: 5.8 (as of 30-11-2005 - 13:23)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
nessus via4
NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-973.NASL
description Several vulnerabilities have been discovered in otrs, the Open Ticket Request System, that can be exploited remotely. The Common Vulnerabilities and Exposures Project identifies the following problems : - CVE-2005-3893 Multiple SQL injection vulnerabilities allow remote attackers to execute arbitrary SQL commands and bypass authentication. - CVE-2005-3894 Multiple cross-site scripting vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML. - CVE-2005-3895 Internally attached text/html mails are rendered as HTML when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary web script or HTML.
last seen 2019-02-21
modified 2018-07-20
plugin id 22839
published 2006-10-14
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=22839
title Debian DSA-973-1 : otrs - several vulnerabilities
refmap via4
bid 15537
bugtraq 20051122 OTRS 1.x/2.x Multiple Security Issues
confirm http://otrs.org/advisory/OSA-2005-01-en/
debian DSA-973
fulldisc 20051122 OTRS 1.x/2.x Multiple Security Issues
misc http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt
osvdb 21066
secunia
  • 17685
  • 18101
  • 18887
sreason 200
suse SUSE-SR:2005:030
vupen ADV-2005-2535
xf otrs-email-attachment-xss(23355)
Last major update 17-10-2016 - 23:37
Published 29-11-2005 - 16:03
Last modified 19-07-2017 - 21:29
Back to Top