Vulnerabilities related to otrs - otrs_itsm
CVE-2012-2582 (GCVE-0-2012-2582)
Vulnerability from cvelistv5
Published
2012-08-23 10:00
Modified
2024-08-06 19:34
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:34:25.836Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2012:1105", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00024.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-01/" }, { "name": "VU#582879", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/582879" }, { "name": "50513", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50513" }, { "name": "DSA-2536", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2536" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV=\"CONTENT-TYPE\" META element." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-11-06T10:00:00", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "openSUSE-SU-2012:1105", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00024.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-01/" }, { "name": "VU#582879", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/582879" }, { "name": "50513", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50513" }, { "name": "DSA-2536", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2536" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2012-2582", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV=\"CONTENT-TYPE\" META element." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2012:1105", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00024.html" }, { "name": "http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-01/", "refsource": "CONFIRM", "url": "http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-01/" }, { "name": "VU#582879", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/582879" }, { "name": "50513", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50513" }, { "name": "DSA-2536", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2536" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2012-2582", "datePublished": "2012-08-23T10:00:00", "dateReserved": "2012-05-09T00:00:00", "dateUpdated": "2024-08-06T19:34:25.836Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4718 (GCVE-0-2013-4718)
Vulnerability from cvelistv5
Published
2021-08-09 18:03
Modified
2024-08-06 16:52
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:52:27.261Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-07-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-09T18:03:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4718", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an 
ITSM ConfigItem search." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/", "refsource": "MISC", "url": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-4718", "datePublished": "2021-08-09T18:03:05", "dateReserved": "2013-06-27T00:00:00", "dateUpdated": "2024-08-06T16:52:27.261Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-36100 (GCVE-0-2021-36100)
Vulnerability from cvelistv5
Published
2022-03-21 09:15
Modified
2024-09-17 02:00
Severity: 6.4 (MEDIUM), CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
CWE
- rce (free-text problem type from the record; no CWE ID is assigned)
Summary
Specially crafted string in OTRS system configuration can allow the execution of any system command.
References
Impacted products
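Vendor | Product | Version
---|---|---
OTRS AG | OTRS | 8.0.x up to and including 8.0.19; 7.0.x up to and including 7.0.32
OTRS AG | SystemMonitoring | 7.0.x up to and including 7.0.18; 8.0.x up to and including 8.0.8; 6.0.x from 6.0.1
OTRS AG | OTRSSTORM | 7.0.x up to and including 7.0.27; 8.0.x up to and including 8.0.11; 6.0.x from 6.0.1
OTRS AG | ((OTRS)) Community Edition | 6.0.x from 6.0.1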
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:47:43.893Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://otrs.com/release-notes/otrs-security-advisory-2022-03/" }, { "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OTRS", "vendor": "OTRS AG", "versions": [ { "lessThanOrEqual": "8.0.19", "status": "affected", "version": "8.0.x", "versionType": "custom" }, { "lessThanOrEqual": "7.0.32", "status": "affected", "version": "7.0.x", "versionType": "custom" } ] }, { "product": "SystemMonitoring", "vendor": "OTRS AG", "versions": [ { "lessThanOrEqual": "7.0.18", "status": "affected", "version": "7.0.x", "versionType": "custom" }, { "lessThanOrEqual": "8.0.8", "status": "affected", "version": "8.0.x", "versionType": "custom" }, { "lessThan": "6.0.x*", "status": "affected", "version": "6.0.1", "versionType": "custom" } ] }, { "product": "OTRSSTORM", "vendor": "OTRS AG", "versions": [ { "lessThanOrEqual": "7.0.27", "status": "affected", "version": "7.0.x", "versionType": "custom" }, { "lessThanOrEqual": "8.0.11", "status": "affected", "version": "8.0.x", "versionType": "custom" }, { "lessThan": "6.0.x*", "status": "affected", "version": "6.0.1", "versionType": "custom" } ] }, { "product": "((OTRS)) Community Edition", "vendor": "OTRS AG", "versions": [ { "lessThan": "6.0.x*", "status": "affected", "version": "6.0.1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Special thanks to Rayhan Ahmed and Maxime Brigaudeau for reporting these vulnerability." 
} ], "datePublic": "2022-03-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Specially crafted string in OTRS system configuration can allow the execution of any system command." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "rce", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-31T02:07:07.668759", "orgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8", "shortName": "OTRS" }, "references": [ { "url": "https://otrs.com/release-notes/otrs-security-advisory-2022-03/" }, { "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html" } ], "solutions": [ { "lang": "en", "value": "Update to OTRS 8.0.20, OTRS 7.0.33. Update to OTRSSTORM 8.0.12, OTRS 7.0.28. Update to SystemMonitoring 8.0.9, OTRS 7.0.19." } ], "source": { "advisory": "OSA-2022-03", "defect": [ "2020093042003988", "2020090442000735", "2021102242000358" ], "discovery": "USER" }, "title": "Authenticated remote code execution", "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "2e1bf29f-dc29-4ed8-830c-7b9348b6f0e8", "assignerShortName": "OTRS", "cveId": "CVE-2021-36100", "datePublished": "2022-03-21T09:15:24.697180Z", "dateReserved": "2021-07-01T00:00:00", "dateUpdated": "2024-09-17T02:00:46.987Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-4600 (GCVE-0-2012-4600)
Vulnerability from cvelistv5
Published
2012-08-31 14:00
Modified
2024-08-06 20:42
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:42:54.794Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://znuny.com/en/#%21/advisory/ZSA-2012-02" }, { "name": "50615", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50615" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2012-02/" }, { "name": "VU#511404", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/511404" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-02-22T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://znuny.com/en/#%21/advisory/ZSA-2012-02" }, { "name": "50615", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50615" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2012-02/" }, { "name": "VU#511404", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/511404" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4600", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://znuny.com/en/#!/advisory/ZSA-2012-02", "refsource": "MISC", "url": "http://znuny.com/en/#!/advisory/ZSA-2012-02" }, { "name": "50615", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/50615" }, { "name": "http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2012-02/", "refsource": "CONFIRM", "url": "http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2012-02/" }, { "name": "VU#511404", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/511404" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-4600", "datePublished": "2012-08-31T14:00:00", "dateReserved": "2012-08-22T00:00:00", "dateUpdated": "2024-08-06T20:42:54.794Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-2625 (GCVE-0-2013-2625)
Vulnerability from cvelistv5
Published
2019-11-27 18:08
Modified
2024-08-06 15:44
CWE
- n/a
Summary
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights are not verified by the object linking mechanism.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:44:32.364Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2013-2625" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securityfocus.com/bid/58936" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-08-02T00:00:00", "descriptions": [ { "lang": "en", "value": "An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. 
Access rights by the object linking mechanism is not verified" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-27T18:08:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2013-2625" }, { "tags": [ "x_refsource_MISC" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securityfocus.com/bid/58936" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2625", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. 
Access rights by the object linking mechanism is not verified" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://security-tracker.debian.org/tracker/CVE-2013-2625", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2013-2625" }, { "name": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html", "refsource": "MISC", "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html" }, { "name": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html", "refsource": "MISC", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html" }, { "name": "http://www.securityfocus.com/bid/58936", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/58936" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-2625", "datePublished": "2019-11-27T18:08:35", "dateReserved": "2013-03-18T00:00:00", "dateUpdated": "2024-08-06T15:44:32.364Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4717 (GCVE-0-2013-4717)
Vulnerability from cvelistv5
Published
2021-08-09 18:03
Modified
2024-08-06 16:52
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:52:27.033Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-07-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-09T18:03:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4717", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/", "refsource": "MISC", "url": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-4717", "datePublished": "2021-08-09T18:03:00", "dateReserved": "2013-06-27T00:00:00", "dateUpdated": "2024-08-06T16:52:27.033Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-2637 (GCVE-0-2013-2637)
Vulnerability from cvelistv5
Published
2020-02-12 16:07
Modified
2024-08-06 15:44
CWE
- n/a
Summary
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code (as an XSS issue, this means script running in the browser of a user who views the affected content).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:44:32.659Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securityfocus.com/bid/58930" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/24922" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83288" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-04-02T00:00:00", "descriptions": [ { "lang": "en", "value": "A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-12T16:07:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securityfocus.com/bid/58930" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.exploit-db.com/exploits/24922" }, { "tags": [ "x_refsource_MISC" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83288" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2637", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html", "refsource": "MISC", "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html" }, { "name": "http://www.securityfocus.com/bid/58930", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/58930" }, { "name": "http://www.exploit-db.com/exploits/24922", "refsource": "MISC", "url": "http://www.exploit-db.com/exploits/24922" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83288", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83288" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-2637", "datePublished": "2020-02-12T16:07:19", "dateReserved": "2013-03-22T00:00:00", "dateUpdated": "2024-08-06T15:44:32.659Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-3551 (GCVE-0-2013-3551)
Vulnerability from cvelistv5
Published
2020-02-21 15:35
Modified
2024-08-06 16:14
CWE
- n/a
Summary
Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:14:56.646Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2013-0196.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-3551" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-21T15:35:41", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://advisories.mageia.org/MGASA-2013-0196.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-3551" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3551", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://advisories.mageia.org/MGASA-2013-0196.html", "refsource": "MISC", "url": "http://advisories.mageia.org/MGASA-2013-0196.html" }, { "name": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-3551", "refsource": "MISC", "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-3551" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3551", "datePublished": "2020-02-21T15:35:41", "dateReserved": "2013-05-16T00:00:00", "dateUpdated": "2024-08-06T16:14:56.646Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2019-11-27 19:15
Modified
2024-11-21 01:52
Severity ?
Summary
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. The object linking mechanism does not verify access rights.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
otrs | faq | * | |
otrs | faq | * | |
otrs | faq | * | |
otrs | otrs_help_desk | * | |
otrs | otrs_help_desk | * | |
otrs | otrs_help_desk | * | |
otrs | otrs_itsm | * | |
otrs | otrs_itsm | * | |
otrs | otrs_itsm | * | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
opensuse | opensuse | 12.2 | |
opensuse | opensuse | 12.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:otrs:faq:*:*:*:*:*:*:*:*", "matchCriteriaId": "BDE24232-72B7-40BC-BDC9-4889D3C80842", "versionEndExcluding": "2.0.8", "versionStartIncluding": "2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:faq:*:*:*:*:*:*:*:*", "matchCriteriaId": "A51091CA-6321-45F1-9FAA-EB45AF1949BA", "versionEndExcluding": "2.1.4", "versionStartIncluding": "2.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:faq:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F9DC926-6983-499F-964B-5EB88112B522", "versionEndExcluding": "2.2.3", "versionStartIncluding": "2.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_help_desk:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF1A2A1D-F946-47E6-8183-A971AF6EC301", "versionEndExcluding": "3.0.19", "versionStartIncluding": "3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_help_desk:*:*:*:*:*:*:*:*", "matchCriteriaId": "37B820B3-72F1-43C3-80B1-D0C18DE1C261", "versionEndExcluding": "3.1.14", "versionStartIncluding": "3.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_help_desk:*:*:*:*:*:*:*:*", "matchCriteriaId": "28F96A54-4D16-4166-B422-E55C2D5C82FD", "versionEndExcluding": "3.2.4", "versionStartExcluding": "3.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*", "matchCriteriaId": "D294EC50-C72B-4DF4-A868-4AE6A8FDCFED", "versionEndExcluding": "3.0.7", "versionStartIncluding": "3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E23D8BE-818F-4F17-93C4-6E35840648AD", "versionEndExcluding": "3.1.8", "versionStartIncluding": "3.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*", "matchCriteriaId": "92B9FDF3-4FE0-4C4E-80D2-4EE05CA898D6", "versionEndExcluding": "3.2.3", "versionStartIncluding": "3.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified" }, { "lang": "es", "value": "Existe un problema de Omisi\u00f3n de Acceso en OTRS Help Desk versiones anteriores a la versi\u00f3n 3.2.4, 3.1.14 y 3.0.19, OTRS ITSM versiones anteriores a la versi\u00f3n 3.2.3, 3.1.8 y 3.0.7, y FAQ versiones anteriores a la versi\u00f3n 2.2.3, 2.1.4, y 2.0.8. Los derechos de acceso por el mecanismo de enlace de objetos no son comprobados." 
} ], "id": "CVE-2013-2625", "lastModified": "2024-11-21T01:52:03.917", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-27T19:15:11.713", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/58936" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2013-2625" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third 
Party Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/58936" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83287" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2013-2625" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-12 17:15
Modified
2024-11-21 01:52
Severity ?
Summary
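A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code (the record below classifies this as CWE-79 and scores it with user interaction required, so the code in question is script running in a victim's browser rather than commands on the server).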
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.exploit-db.com/exploits/24922 | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securityfocus.com/bid/58930 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/83288 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.exploit-db.com/exploits/24922 | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/58930 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/83288 | Third Party Advisory, VDB Entry |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:otrs:faq:*:*:*:*:*:*:*:*", "matchCriteriaId": "002EF3F8-1077-4C5D-A487-357AB6BFEB95", "versionEndExcluding": "2.0.8", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:faq:*:*:*:*:*:*:*:*", "matchCriteriaId": "A51091CA-6321-45F1-9FAA-EB45AF1949BA", "versionEndExcluding": "2.1.4", "versionStartIncluding": "2.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*", "matchCriteriaId": "76BF84E1-3633-4CFF-BB7B-4B126D1FD435", "versionEndExcluding": "3.0.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E23D8BE-818F-4F17-93C4-6E35840648AD", "versionEndExcluding": "3.1.8", "versionStartIncluding": "3.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*", "matchCriteriaId": "6303666A-A55B-436F-8895-D0F63F387E50", "versionEndExcluding": "3.2.4", "versionStartIncluding": "3.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code." 
}, { "lang": "es", "value": "Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en OTRS ITSM versiones anteriores a 3.2.4, 3.1.8 y 3.0.7 y FAQ versiones anteriores a 2.1.4 y 2.0.8, por medio de changes, workorder items, y FAQ articles, podr\u00edan permitir a un usuario malicioso remoto ejecutar c\u00f3digo arbitrario." } ], "id": "CVE-2013-2637", "lastModified": "2024-11-21T01:52:05.780", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-12T17:15:11.733", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://www.exploit-db.com/exploits/24922" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/58930" }, { "source": "cve@mitre.org", "tags": [ "Third 
Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83288" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://www.exploit-db.com/exploits/24922" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/58930" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83288" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-21 10:15
Modified
2024-11-21 06:13
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Specially crafted string in OTRS system configuration can allow the execution of any system command.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3A9679A-37CF-4131-B232-C06B4986BE7B", "versionEndExcluding": "7.0.28", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7561495-72DA-4EB0-8CD5-D8A8BE46DD25", "versionEndExcluding": "7.0.33", "versionStartIncluding": "7.0.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "matchCriteriaId": "AFDE9F37-595F-47EE-937F-0FE0D7F2B045", "versionEndExcluding": "8.0.21", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1EA7692-CEC4-4BC8-8119-784DF193FBCC", "versionEndExcluding": "7.0.19", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FEE8295-FA8D-4175-9B0D-482CCE3B342A", "versionEndExcluding": "8.0.28", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_storm:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABFC3737-F958-4706-ACED-5240478E5130", "versionEndExcluding": "8.0.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Specially crafted string in OTRS system configuration can allow the execution of any system command." 
}, { "lang": "es", "value": "Una cadena especialmente dise\u00f1ada en la configuraci\u00f3n del sistema OTRS puede permitir la ejecuci\u00f3n de cualquier comando del sistema" } ], "id": "CVE-2021-36100", "lastModified": "2024-11-21T06:13:09.263", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "security@otrs.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-21T10:15:07.777", "references": [ { "source": "security@otrs.com", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html" }, { "source": "security@otrs.com", "tags": [ 
"Release Notes", "Vendor Advisory" ], "url": "https://otrs.com/release-notes/otrs-security-advisory-2022-03/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://otrs.com/release-notes/otrs-security-advisory-2022-03/" } ], "sourceIdentifier": "security@otrs.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-09 19:15
Modified
2024-11-21 01:56
Severity ?
Summary
Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1FCD021-75D4-4277-9AC9-83289478ECD3", "versionEndIncluding": "3.0.21", "versionStartIncluding": "3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DC16347-0CF1-4EAA-ADC7-31A91AEE2479", "versionEndIncluding": "3.1.17", "versionStartIncluding": "3.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AFE3EEB-7AAA-4BF0-9620-21071FB5DC0D", "versionEndIncluding": "3.2.8", "versionStartIncluding": "3.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E94142F-82B4-458D-A839-84E2D74EA53B", "versionEndIncluding": "3.0.8", "versionStartIncluding": "3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FCA116F-B9E0-447C-BAB9-8E97BAEE5FCE", "versionEndIncluding": "3.1.9", "versionStartIncluding": "3.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*", "matchCriteriaId": "06351730-EB2B-4204-A66A-38F876F5F225", "versionEndIncluding": "3.2.6", "versionStartIncluding": "3.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm." 
}, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Open Ticket Request System (OTRS) Help Desk versiones 3.0.x anteriores a 3.0.22, 3.1.x anteriores a 3.1.18, y 3.2.x anteriores a 3.2.9, permiten a usuarios remotos autenticados ejecutar comandos SQL arbitrarios por medio de vectores no especificados relacionados con los archivos Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm y Kernel/System/TicketSearch.pm" } ], "id": "CVE-2013-4717", "lastModified": "2024-11-21T01:56:07.813", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-09T19:15:07.260", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-09 19:15
Modified
2024-11-21 01:56
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1FCD021-75D4-4277-9AC9-83289478ECD3", "versionEndIncluding": "3.0.21", "versionStartIncluding": "3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DC16347-0CF1-4EAA-ADC7-31A91AEE2479", "versionEndIncluding": "3.1.17", "versionStartIncluding": "3.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AFE3EEB-7AAA-4BF0-9620-21071FB5DC0D", "versionEndIncluding": "3.2.8", "versionStartIncluding": "3.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E94142F-82B4-458D-A839-84E2D74EA53B", "versionEndIncluding": "3.0.8", "versionStartIncluding": "3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FCA116F-B9E0-447C-BAB9-8E97BAEE5FCE", "versionEndIncluding": "3.1.9", "versionStartIncluding": "3.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*", "matchCriteriaId": "06351730-EB2B-4204-A66A-38F876F5F225", "versionEndIncluding": "3.2.6", "versionStartIncluding": "3.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search." 
}, { "lang": "es", "value": "Una vulnerabilidad de tipo Cross-site scripting (XSS) en Open Ticket Request System (OTRS) ITSM versiones 3.0.x anteriores a 3.0.9, versiones 3.1.x anteriores a 3.1.10 y versiones 3.2.x anteriores a 3.2.7, permite a usuarios autenticados remotos inyectar script web o HTML arbitrario por medio de una b\u00fasqueda de ITSM ConfigItem" } ], "id": "CVE-2013-4718", "lastModified": "2024-11-21T01:56:07.970", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-09T19:15:07.300", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-08-31 14:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
otrs | otrs | 2.4.0 | |
otrs | otrs | 2.4.0 | |
otrs | otrs | 2.4.0 | |
otrs | otrs | 2.4.0 | |
otrs | otrs | 2.4.0 | |
otrs | otrs | 2.4.0 | |
otrs | otrs | 2.4.1 | |
otrs | otrs | 2.4.2 | |
otrs | otrs | 2.4.3 | |
otrs | otrs | 2.4.4 | |
otrs | otrs | 2.4.5 | |
otrs | otrs | 2.4.6 | |
otrs | otrs | 2.4.7 | |
otrs | otrs | 2.4.8 | |
otrs | otrs | 2.4.9 | |
otrs | otrs | 2.4.10 | |
otrs | otrs | 2.4.11 | |
otrs | otrs | 2.4.12 | |
otrs | otrs | 2.4.13 | |
otrs | otrs | 3.0.0 | |
otrs | otrs | 3.0.0 | |
otrs | otrs | 3.0.0 | |
otrs | otrs | 3.0.0 | |
otrs | otrs | 3.0.0 | |
otrs | otrs | 3.0.0 | |
otrs | otrs | 3.0.0 | |
otrs | otrs | 3.0.1 | |
otrs | otrs | 3.0.2 | |
otrs | otrs | 3.0.3 | |
otrs | otrs | 3.0.4 | |
otrs | otrs | 3.0.5 | |
otrs | otrs | 3.0.6 | |
otrs | otrs | 3.0.7 | |
otrs | otrs | 3.0.8 | |
otrs | otrs | 3.0.9 | |
otrs | otrs | 3.0.10 | |
otrs | otrs | 3.0.11 | |
otrs | otrs | 3.0.12 | |
otrs | otrs | 3.0.13 | |
otrs | otrs | 3.0.14 | |
otrs | otrs | 3.0.15 | |
otrs | otrs_itsm | 3.0.0 | |
otrs | otrs_itsm | 3.0.1 | |
otrs | otrs_itsm | 3.0.2 | |
otrs | otrs_itsm | 3.0.3 | |
otrs | otrs_itsm | 3.0.4 | |
otrs | otrs_itsm | 3.0.5 | |
otrs | otrs_itsm | 3.0.6 | |
otrs | otrs | 3.1.0 | |
otrs | otrs | 3.1.1 | |
otrs | otrs | 3.1.2 | |
otrs | otrs | 3.1.3 | |
otrs | otrs | 3.1.4 | |
otrs | otrs | 3.1.5 | |
otrs | otrs | 3.1.6 | |
otrs | otrs | 3.1.7 | |
otrs | otrs | 3.1.8 | |
otrs | otrs | 3.1.9 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "0B392055-8F04-4D66-9E34-18E08014E075", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "56956C8B-A529-4B2C-93B1-2E5B857E104B", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6EA6E59E-9A98-4DB8-8289-4C3D05ECCE6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "46E37D9A-107B-4FBA-8371-5E9C1B029CA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "CF0E2F18-CD50-4A71-8291-76502AFAC579", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "10F06ECD-C5FF-4912-9EDC-6C9A937CD844", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "724A9C40-AE96-4AD5-BEB2-6C496F4C361D", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "8AA5A554-016E-4CFB-A809-991B6902C3FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "3821A8EF-ED18-49DD-BF52-DFDD982E35C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "B41C77DB-BC99-4C50-BD86-FECB44ACF0A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C9D7CBCB-F4B8-4ACC-86C8-E45358F48697", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "CB4EAE42-96BD-4B25-BFCC-6CFBF08F339C", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "A07A35A7-55A5-4E78-98F8-38B1F3D4DA72", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "73932047-8E00-4720-875A-7D414000F23F", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "E9EB62C2-23EF-4B4F-9A68-DD1388E94E13", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "ED6D3CC0-ED21-4BE5-989A-977FB267FED6", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "EC028B45-B693-457B-8D2C-312C7363593A", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "CAE458E4-7394-48EB-8711-BC360036C082", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "EBAA8183-513A-43E4-AAE2-5E654F95B4E2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "3FC9D47F-8774-47F5-AC8C-97CBA9879D09", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "E501F8E9-3453-428A-AEDF-861A1FF09E3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "E7834A4F-255F-48E3-B363-452E8CEE1D2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "EFAB601C-F7CC-49F7-8FC0-8D76360AE237", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "DB57DF5E-C8A1-454C-A9EE-6BF486E74E54", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "47321F77-7019-46F9-B4E6-7490CD8F83C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "BC1AC1FB-87D5-457D-BFC4-4C6676950F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "480A5F3B-B1BC-4D66-9B86-424877BE8670", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"46F47052-E465-4230-B59E-C7463C649A4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "8694775A-9CE7-4E09-9C6E-9D3B26923513", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "01D3250B-2CE8-4C03-AB04-02A3D1EF72E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "666FB4D7-9917-4BAD-AD34-911FB315E1D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "45326D85-EC87-4C3F-84FD-2A6FA4926F17", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "9DB3159B-EF44-4D18-A4E9-EE149F588BEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "5F879541-066F-4C86-8844-B577EA8F2661", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "8C40A021-28B3-4358-951F-86F791A9655A", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "5D6605C7-A589-43BD-BB4A-1917D964569B", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "388F9AA8-CFF2-4742-B594-A5462DA424FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "5587B6D5-9219-4429-BA50-723CDA760377", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "6F2914F4-C45B-4CBA-8EF4-DA1FEC309895", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "61B492D3-5659-4F8B-A0B9-3F5937203BED", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "F5258544-BF7A-4C64-88A6-C95E4482FA70", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3F3949B8-D461-4C94-AE6C-89122AC5C5C9", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF4FD28-8DF9-466B-8CDE-8077CADFEC8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1CF64AA5-50E6-4D3B-8F60-1D80C9BBDC54", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB590BAC-7E69-447B-B4AD-E813F92CDF45", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5ED128D4-28F0-4FF9-AB2D-6D47952EF4D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "17E88594-DDBF-4568-9CC7-F4F5D9306F15", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "365194D1-0288-4804-9C30-2AD6C39118C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:otrs:otrs:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "55EB05A1-9965-40D2-BABF-A666BE857166", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "777A992E-1D05-493F-8E2F-15AB3F2A4562", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "828189F1-EF8B-485C-946F-C12CCEE4E27D", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3D8020EA-A636-4C9B-A080-3EF092DF583B", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9C3C84E0-F4C1-4BDC-B7C1-519C4499FEC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "51877344-2358-400D-89D5-6273992571FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "9FC3B407-4C93-422F-800B-E747068826E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": 
"52A10F00-2869-4DDE-9548-B374EBC14C12", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "6BF985A8-DB88-47DA-9F9A-B63F727D8239", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "7A1D5FC4-BDFC-4D46-B722-8BFAC91C819F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags." }, { "lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en Open System Request Ticket (OTRS) Help Desk v2.4.x antes de v2.4.14, v3.0.x antes de v3.0.16, y v3.1.x antes de v3.1.10, cuando se usa Firefox u Opera, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un cuerpo de mensaje de correo electr\u00f3nico con etiquetas HTML anidadas.\r\n" } ], "id": "CVE-2012-4600", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-08-31T14:55:01.293", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/50615" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "US 
Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/511404" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2012-02/" }, { "source": "cve@mitre.org", "url": "http://znuny.com/en/#%21/advisory/ZSA-2012-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50615" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/511404" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2012-02/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://znuny.com/en/#%21/advisory/ZSA-2012-02" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-21 16:15
Modified
2024-11-21 01:53
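Severity: 6.5 (Medium), CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (NVD primary score; CVSS v2 base score 4.0, AV:N/AC:L/Au:S/C:P/I:N/A:N)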
Summary
Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://advisories.mageia.org/MGASA-2013-0196.html | Third Party Advisory | |
cve@mitre.org | https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-3551 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://advisories.mageia.org/MGASA-2013-0196.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-3551 | Issue Tracking, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F8DBDF3-4B17-4A40-B7B0-5C3E0C2D56F0", "versionEndExcluding": "3.0.20", "versionStartIncluding": "3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "matchCriteriaId": "F087FCE9-65A5-484C-B12F-B5DA62DE674E", "versionEndExcluding": "3.1.16", "versionStartIncluding": "3.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*", "matchCriteriaId": "A05A1D49-3954-49FE-B380-B09882A37C6C", "versionEndExcluding": "3.2.7", "versionStartIncluding": "3.2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAE3C475-E0F2-45CE-B3F7-65E6D67229B2", "versionEndExcluding": "3.0.8", "versionStartIncluding": "3.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A410BE4-CB6E-44A0-BCD3-98C8414F32D1", "versionEndExcluding": "3.1.9", "versionStartIncluding": "3.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*", "matchCriteriaId": "88C588FA-05C0-4677-A35C-7F9F518D225A", "versionEndExcluding": "3.2.5", "versionStartIncluding": "3.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism." 
}, { "lang": "es", "value": "El archivo Kernel/Modules/AgentTicketPhone.pm en Open Ticket Request System (OTRS) versiones 3.0.x anteriores a 3.0.20, versiones 3.1.x anteriores a 3.1.16, y versiones 3.2.x anteriores a 3.2.7, y OTRS ITSM versiones 3.0.x anteriores a 3.0.8, versiones 3.1.x anteriores a 3.1.9, y versiones 3.2.x anteriores a 3.2.5, no restringe apropiadamente los tickets, lo cual permite a atacantes remotos con un inicio de sesi\u00f3n de agente v\u00e1lido, leer tickets restringidos por medio de una URL dise\u00f1ada que implica el mecanismo de divisi\u00f3n de tickets." } ], "id": "CVE-2013-3551", "lastModified": "2024-11-21T01:53:51.913", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-21T16:15:11.327", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2013-0196.html" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": 
"https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-3551" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2013-0196.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-3551" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-08-23 10:32
Modified
2025-04-11 00:51
Severity: 4.3 (Medium), CVSS v2 AV:N/AC:M/Au:N/C:N/I:P/A:N (NVD primary score; user interaction required)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "0B392055-8F04-4D66-9E34-18E08014E075", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "56956C8B-A529-4B2C-93B1-2E5B857E104B", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6EA6E59E-9A98-4DB8-8289-4C3D05ECCE6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "46E37D9A-107B-4FBA-8371-5E9C1B029CA7", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "CF0E2F18-CD50-4A71-8291-76502AFAC579", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "10F06ECD-C5FF-4912-9EDC-6C9A937CD844", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "724A9C40-AE96-4AD5-BEB2-6C496F4C361D", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "8AA5A554-016E-4CFB-A809-991B6902C3FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "3821A8EF-ED18-49DD-BF52-DFDD982E35C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "B41C77DB-BC99-4C50-BD86-FECB44ACF0A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C9D7CBCB-F4B8-4ACC-86C8-E45358F48697", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "CB4EAE42-96BD-4B25-BFCC-6CFBF08F339C", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "A07A35A7-55A5-4E78-98F8-38B1F3D4DA72", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "73932047-8E00-4720-875A-7D414000F23F", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "E9EB62C2-23EF-4B4F-9A68-DD1388E94E13", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "ED6D3CC0-ED21-4BE5-989A-977FB267FED6", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "EC028B45-B693-457B-8D2C-312C7363593A", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:2.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "CAE458E4-7394-48EB-8711-BC360036C082", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "3FC9D47F-8774-47F5-AC8C-97CBA9879D09", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "E501F8E9-3453-428A-AEDF-861A1FF09E3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "E7834A4F-255F-48E3-B363-452E8CEE1D2C", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "EFAB601C-F7CC-49F7-8FC0-8D76360AE237", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "DB57DF5E-C8A1-454C-A9EE-6BF486E74E54", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "47321F77-7019-46F9-B4E6-7490CD8F83C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "BC1AC1FB-87D5-457D-BFC4-4C6676950F20", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "480A5F3B-B1BC-4D66-9B86-424877BE8670", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "46F47052-E465-4230-B59E-C7463C649A4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": 
"8694775A-9CE7-4E09-9C6E-9D3B26923513", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "01D3250B-2CE8-4C03-AB04-02A3D1EF72E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "666FB4D7-9917-4BAD-AD34-911FB315E1D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "45326D85-EC87-4C3F-84FD-2A6FA4926F17", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "9DB3159B-EF44-4D18-A4E9-EE149F588BEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "5F879541-066F-4C86-8844-B577EA8F2661", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "8C40A021-28B3-4358-951F-86F791A9655A", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "5D6605C7-A589-43BD-BB4A-1917D964569B", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "388F9AA8-CFF2-4742-B594-A5462DA424FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "5587B6D5-9219-4429-BA50-723CDA760377", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "6F2914F4-C45B-4CBA-8EF4-DA1FEC309895", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "61B492D3-5659-4F8B-A0B9-3F5937203BED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:otrs:otrs:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "55EB05A1-9965-40D2-BABF-A666BE857166", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "777A992E-1D05-493F-8E2F-15AB3F2A4562", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.1.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "828189F1-EF8B-485C-946F-C12CCEE4E27D", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3D8020EA-A636-4C9B-A080-3EF092DF583B", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9C3C84E0-F4C1-4BDC-B7C1-519C4499FEC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "51877344-2358-400D-89D5-6273992571FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "9FC3B407-4C93-422F-800B-E747068826E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "52A10F00-2869-4DDE-9548-B374EBC14C12", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs:3.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "6BF985A8-DB88-47DA-9F9A-B63F727D8239", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:otrs:otrs_itsm:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A099342-C98B-4B2F-B878-B3FCB0A62123", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B93DC6C-E210-4417-B473-62A80C7AA5B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "6DD63E70-69E0-4870-8938-0B26B76D73D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "53452C0F-FE9F-4EF6-A4FD-7AF9631E22BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "EB7CFD77-0E81-4EA3-A1AC-A92025CE982A", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3F3949B8-D461-4C94-AE6C-89122AC5C5C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF4FD28-8DF9-466B-8CDE-8077CADFEC8B", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:otrs:otrs_itsm:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1CF64AA5-50E6-4D3B-8F60-1D80C9BBDC54", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CB590BAC-7E69-447B-B4AD-E813F92CDF45", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5ED128D4-28F0-4FF9-AB2D-6D47952EF4D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "17E88594-DDBF-4568-9CC7-F4F5D9306F15", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B3AC10F7-096D-4E3B-8DF5-C59BC2C7AACD", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "77089A07-0800-43E5-84B5-E19AB5170B7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F5250013-774E-41E2-B57F-86560EB54F6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA0196A1-269D-4555-A163-06998738DCBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "778CD948-FEBB-4949-A64D-35995AD1DB53", "vulnerable": true }, { "criteria": "cpe:2.3:a:otrs:otrs_itsm:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "F8B31AC2-2388-4C33-ACAC-30CF8719DC47", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an 
HTTP-EQUIV=\"CONTENT-TYPE\" META element." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en Open Ticket Request System (OTRS) Help Desk v2.4.x anterior a v2.4.13, v3.0.x anterior a v3.0.15, y v3.1.x anterior a v3.1.9, y OTRS ITSM v2.1.x anterior a v2.1.5, v3.0.x anterior a v3.0.6, y v3.1.x anterior a v3.1.6, permite a atacantes remotos inyectar c\u00f3digo web o HTML arbitrario a trav\u00e9s del cuerpo de un mensaje de correo electr\u00f3nico con (1)una propiedad de una expresi\u00f3n en un atributo STYLE de un elemento arbitrario o (2) texto UTF-7 en un elemento META HTTP-EQUIV=\"CONTENT-TYPE\".\r\n\r\n\r\n" } ], "id": "CVE-2012-2582", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-08-23T10:32:14.967", "references": [ { "source": "cret@cert.org", "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00024.html" }, { "source": "cret@cert.org", "url": "http://secunia.com/advisories/50513" }, { "source": "cret@cert.org", "url": "http://www.debian.org/security/2012/dsa-2536" }, { "source": "cret@cert.org", "tags": [ "Exploit", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/582879" }, { "source": "cret@cert.org", "tags": [ "Vendor Advisory" ], "url": "http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-01/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00024.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50513" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2536" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/582879" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-01/" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }