Описание
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.
Ссылки
- Mailing ListThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Mailing ListThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.8 (исключая)Версия от 2.1.0 (включая) до 2.1.4 (исключая)Версия до 3.0.7 (исключая)Версия от 3.1.0 (включая) до 3.1.8 (исключая)Версия от 3.2.0 (включая) до 3.2.4 (исключая)
Одно из
cpe:2.3:a:otrs:faq:*:*:*:*:*:*:*:*
cpe:2.3:a:otrs:faq:*:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*
cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
EPSS
Процентиль: 80%
0.01433
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
почти 4 года назад
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.
EPSS
Процентиль: 80%
0.01433
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79