A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html | Mailing List Third Party Advisory |
http://www.exploit-db.com/exploits/24922 | Exploit Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/58930 | Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/83288 | Third Party Advisory VDB Entry |
http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html | Mailing List Third Party Advisory |
http://www.exploit-db.com/exploits/24922 | Exploit Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/58930 | Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/83288 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 01:52
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html - Mailing List, Third Party Advisory | |
References | () http://www.exploit-db.com/exploits/24922 - Exploit, Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/58930 - Third Party Advisory, VDB Entry | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/83288 - Third Party Advisory, VDB Entry |
Information
Published : 2020-02-12 17:15
Updated : 2024-11-21 01:52
NVD link : CVE-2013-2637
Mitre link : CVE-2013-2637
CVE.ORG link : CVE-2013-2637
JSON object : View
Products Affected
opensuse
- opensuse
otrs
- faq
- otrs_itsm
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')