Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3894

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-3894
Last Modified 07 Mar 2011 09:27:20
Published 29 Nov 2005 04:03:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-3894

Summary

Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters.

Vulnerable Systems

Application

  • Otrs 1.0.0

  • Otrs 1.3.2

  • Otrs 2.0.0

  • Otrs 2.0.1

  • Otrs 2.0.2

  • Otrs 2.0.3


References

BID - 15537

SECUNIA - 17685

CONFIRM - http://otrs.org/advisory/OSA-2005-01-en/

MISC - http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt

BUGTRAQ - 20051122 OTRS 1.x/2.x Multiple Security Issues

VUPEN - ADV-2005-2535

XF - otrs-index-xss(23359)

XF - otrs-queue-selection-xss(23356)

OSVDB - 21067

SUSE - SUSE-SR:2005:030

DEBIAN - DSA-973

SECTRACK - 1015262

SECUNIA - 18887

SECUNIA - 18101


Last Updated: 27 May 2016 10:41:06