Описание
Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters.
Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2005-3894
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23356
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23359
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html
- http://marc.info/?l=bugtraq&m=113272360804853&w=2
- http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt
- http://otrs.org/advisory/OSA-2005-01-en
- http://secunia.com/advisories/17685
- http://secunia.com/advisories/18101
- http://secunia.com/advisories/18887
- http://securitytracker.com/id?1015262
- http://www.debian.org/security/2006/dsa-973
- http://www.novell.com/linux/security/advisories/2005_30_sr.html
- http://www.osvdb.org/21067
- http://www.securityfocus.com/bid/15537
- http://www.vupen.com/english/advisories/2005/2535
EPSS
CVE ID
Связанные уязвимости
Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters.
Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters.
Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Ope ...
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
EPSS