fkie_nvd - fkie_cve-2013-4718

fkie_cve-2013-4718

Vulnerability from fkie_nvd

Published

2021-08-09 19:15

Modified

2024-11-21 01:56

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search.

References

▶	URL	Tags
	cve@mitre.org	https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
otrs	otrs	*
otrs	otrs	*
otrs	otrs	*
otrs	otrs_itsm	*
otrs	otrs_itsm	*
otrs	otrs_itsm	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1FCD021-75D4-4277-9AC9-83289478ECD3",
              "versionEndIncluding": "3.0.21",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DC16347-0CF1-4EAA-ADC7-31A91AEE2479",
              "versionEndIncluding": "3.1.17",
              "versionStartIncluding": "3.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AFE3EEB-7AAA-4BF0-9620-21071FB5DC0D",
              "versionEndIncluding": "3.2.8",
              "versionStartIncluding": "3.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E94142F-82B4-458D-A839-84E2D74EA53B",
              "versionEndIncluding": "3.0.8",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FCA116F-B9E0-447C-BAB9-8E97BAEE5FCE",
              "versionEndIncluding": "3.1.9",
              "versionStartIncluding": "3.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "06351730-EB2B-4204-A66A-38F876F5F225",
              "versionEndIncluding": "3.2.6",
              "versionStartIncluding": "3.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo Cross-site scripting (XSS) en Open Ticket Request System (OTRS) ITSM versiones 3.0.x anteriores a 3.0.9, versiones 3.1.x anteriores a 3.1.10 y versiones 3.2.x anteriores a 3.2.7, permite a usuarios autenticados remotos inyectar script web o HTML arbitrario por medio de una b\u00fasqueda de ITSM ConfigItem"
    }
  ],
  "id": "CVE-2013-4718",
  "lastModified": "2024-11-21T01:56:07.970",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-09T19:15:07.300",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2013-4718 (GCVE-0-2013-4718)

Vulnerability from cvelistv5

Published

2021-08-09 18:03

Modified

2024-08-06 16:52

Severity ?

CWE

Summary

References

►

URL

Tags

https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05/

x_refsource_MISC