A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html | Mailing List Third Party Advisory |
http://www.exploit-db.com/exploits/24922 | Exploit Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/58930 | Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/83288 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
No history.
Information
Published : 2020-02-12 17:15
Updated : 2024-02-28 17:28
NVD link : CVE-2013-2637
Mitre link : CVE-2013-2637
CVE.ORG link : CVE-2013-2637
JSON object : View
Products Affected
otrs
- faq
- otrs_itsm
opensuse
- opensuse
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')