CVE-2013-4718

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-08-09 19:15

Updated : 2024-02-28 18:28


NVD link : CVE-2013-4718

Mitre link : CVE-2013-4718

CVE.ORG link : CVE-2013-4718


JSON object : View

Products Affected

otrs

  • otrs_itsm
  • otrs
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')