Описание
Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary web script or HTML. NOTE: this particular issue is referred to as XSS by some sources.
Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary web script or HTML. NOTE: this particular issue is referred to as XSS by some sources.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2005-3895
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23355
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html
- http://marc.info/?l=bugtraq&m=113272360804853&w=2
- http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt
- http://otrs.org/advisory/OSA-2005-01-en
- http://secunia.com/advisories/17685
- http://secunia.com/advisories/18101
- http://secunia.com/advisories/18887
- http://securityreason.com/securityalert/200
- http://www.debian.org/security/2006/dsa-973
- http://www.novell.com/linux/security/advisories/2005_30_sr.html
- http://www.osvdb.org/21066
- http://www.securityfocus.com/bid/15537
- http://www.vupen.com/english/advisories/2005/2535
EPSS
CVE ID
Связанные уязвимости
Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary web script or HTML. NOTE: this particular issue is referred to as XSS by some sources.
Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary web script or HTML. NOTE: this particular issue is referred to as XSS by some sources.
Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 throug ...
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
EPSS