fkie_nvd - fkie_cve-2011-1518

fkie_cve-2011-1518

Vulnerability from fkie_nvd

Published

2011-04-18 18:55

Modified

2025-04-11 00:51

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.4.x before 2.4.10 and 3.x before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
cve@mitre.org	http://otrs.org/advisory/OSA-2011-01-en/	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/44029	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/44479
cve@mitre.org	http://www.debian.org/security/2011/dsa-2231
cve@mitre.org	http://www.osvdb.org/71790
cve@mitre.org	http://www.securityfocus.com/bid/47323
cve@mitre.org	http://www.vupen.com/english/advisories/2011/1186
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/66698
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
af854a3a-2127-422b-91ae-364da2661108	http://otrs.org/advisory/OSA-2011-01-en/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44029	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44479
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2231
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/71790
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/47323
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/1186
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/66698

Impacted products

Vendor	Product	Version
otrs	otrs	2.4.0
otrs	otrs	2.4.0
otrs	otrs	2.4.0
otrs	otrs	2.4.0
otrs	otrs	2.4.0
otrs	otrs	2.4.0
otrs	otrs	2.4.1
otrs	otrs	2.4.2
otrs	otrs	2.4.3
otrs	otrs	2.4.4
otrs	otrs	2.4.5
otrs	otrs	2.4.6
otrs	otrs	2.4.7
otrs	otrs	2.4.8
otrs	otrs	2.4.9
otrs	otrs	3.0.0
otrs	otrs	3.0.0
otrs	otrs	3.0.0
otrs	otrs	3.0.0
otrs	otrs	3.0.0
otrs	otrs	3.0.0
otrs	otrs	3.0.0
otrs	otrs	3.0.1
otrs	otrs	3.0.2
otrs	otrs	3.0.3
otrs	otrs	3.0.4
otrs	otrs	3.0.5
otrs	otrs	3.0.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "0B392055-8F04-4D66-9E34-18E08014E075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "56956C8B-A529-4B2C-93B1-2E5B857E104B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "6EA6E59E-9A98-4DB8-8289-4C3D05ECCE6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "46E37D9A-107B-4FBA-8371-5E9C1B029CA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "CF0E2F18-CD50-4A71-8291-76502AFAC579",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:2.4.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "10F06ECD-C5FF-4912-9EDC-6C9A937CD844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "724A9C40-AE96-4AD5-BEB2-6C496F4C361D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AA5A554-016E-4CFB-A809-991B6902C3FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3821A8EF-ED18-49DD-BF52-DFDD982E35C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B41C77DB-BC99-4C50-BD86-FECB44ACF0A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9D7CBCB-F4B8-4ACC-86C8-E45358F48697",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB4EAE42-96BD-4B25-BFCC-6CFBF08F339C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:2.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A07A35A7-55A5-4E78-98F8-38B1F3D4DA72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:2.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "73932047-8E00-4720-875A-7D414000F23F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:2.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9EB62C2-23EF-4B4F-9A68-DD1388E94E13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "3FC9D47F-8774-47F5-AC8C-97CBA9879D09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "E501F8E9-3453-428A-AEDF-861A1FF09E3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "E7834A4F-255F-48E3-B363-452E8CEE1D2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "EFAB601C-F7CC-49F7-8FC0-8D76360AE237",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "DB57DF5E-C8A1-454C-A9EE-6BF486E74E54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "47321F77-7019-46F9-B4E6-7490CD8F83C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:3.0.0:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "BC1AC1FB-87D5-457D-BFC4-4C6676950F20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "480A5F3B-B1BC-4D66-9B86-424877BE8670",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "46F47052-E465-4230-B59E-C7463C649A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8694775A-9CE7-4E09-9C6E-9D3B26923513",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D3250B-2CE8-4C03-AB04-02A3D1EF72E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "666FB4D7-9917-4BAD-AD34-911FB315E1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "45326D85-EC87-4C3F-84FD-2A6FA4926F17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.4.x before 2.4.10 and 3.x before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Open Ticket Request System (OTRS) v2.4.x anterior a v2.4.10 y 3.x anterior a v3.0.7 permite a atacantes remotos inyectar script web de su elecci\u00f3n o HTML a trav\u00e9s de vectores desconocidos."
    }
  ],
  "id": "CVE-2011-1518",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-04-18T18:55:02.437",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://otrs.org/advisory/OSA-2011-01-en/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44029"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/44479"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2011/dsa-2231"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/71790"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/47323"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/1186"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66698"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://otrs.org/advisory/OSA-2011-01-en/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44029"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/44479"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/71790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47323"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/1186"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66698"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2011-1518 (GCVE-0-2011-1518)

Vulnerability from cvelistv5

Published

2011-04-18 18:00