Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2012-4751
Last Modified 04 Jun 2013 11:38:21
Published 22 Oct 2012 12:55:01
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4751

Summary

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element.

Vulnerable Systems

Application

  • Otrs 2.4.0

  • Otrs 2.4.1

  • Otrs 2.4.10

  • Otrs 2.4.11

  • Otrs 2.4.12

  • Otrs 2.4.13

  • Otrs 2.4.14

  • Otrs 2.4.2

  • Otrs 2.4.3

  • Otrs 2.4.4

  • Otrs 2.4.5

  • Otrs 2.4.6

  • Otrs 2.4.7

  • Otrs 2.4.8

  • Otrs 2.4.9

  • Otrs 3.0.0

  • Otrs 3.0.1

  • Otrs 3.0.10

  • Otrs 3.0.11

  • Otrs 3.0.12

  • Otrs 3.0.13

  • Otrs 3.0.14

  • Otrs 3.0.15

  • Otrs 3.0.16

  • Otrs 3.0.2

  • Otrs 3.0.3

  • Otrs 3.0.4

  • Otrs 3.0.5

  • Otrs 3.0.6

  • Otrs 3.0.7

  • Otrs 3.0.8

  • Otrs 3.0.9

  • Otrs 3.1.0

  • Otrs 3.1.1

  • Otrs 3.1.10

  • Otrs 3.1.2

  • Otrs 3.1.3

  • Otrs 3.1.4

  • Otrs 3.1.5

  • Otrs 3.1.6

  • Otrs 3.1.7

  • Otrs 3.1.8

  • Otrs 3.1.9


References

CERT-VN - VU#603276

CONFIRM - http://znuny.com/en/#!/advisory/ZSA-2012-03

CONFIRM - http://znuny.com/assets/proof_of_concept_cve_2012-4751-znuny.py

CONFIRM - http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-03/

BID - 56093

SUSE - openSUSE-SU-2013:0145

MISC - http://packetstormsecurity.org/files/117504/OTRS-3.1-Cross-Site-Scripting.html


Last Updated: 27 May 2016 10:53:37