Web application abuses : OTRS Multiple XSS Vulnerabilities (OSA-2011-01)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.801778

Category: Web application abuses

Title: OTRS Multiple XSS Vulnerabilities (OSA-2011-01)

Summary: Open Ticket Request System (OTRS) is prone to multiple; cross-site scripting (XSS) vulnerabilities.

Description: Summary:
Open Ticket Request System (OTRS) is prone to multiple
cross-site scripting (XSS) vulnerabilities.

Vulnerability Insight:
The flaw is caused by improper validation of user-supplied input
by multiple scripts. A remote attacker could exploit this vulnerability using various parameters
in a specially-crafted URL to execute script in a victim's Web browser within the security context
of the hosting Web site.

Vulnerability Impact:
Successful exploitation will allow attackers to insert arbitrary
HTML and script code, which will be executed in a user's browser session in context of an affected
site and steal cookie-based authentication credentials.

Affected Software/OS:
OTRS versions 2.4.x prior to 2.4.10 and 3.x prior to 3.0.7.

Solution:
Update to version 2.4.10, 3.0.7 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2011-1518
BugTraq ID: 47323
http://www.securityfocus.com/bid/47323
Debian Security Information: DSA-2231 (Google Search)
http://www.debian.org/security/2011/dsa-2231
http://www.osvdb.org/71790
http://secunia.com/advisories/44029
http://secunia.com/advisories/44479
SuSE Security Announcement: SUSE-SR:2011:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://www.vupen.com/english/advisories/2011/1186
XForce ISS Database: otrs-multiple-unspecified-xss(66698)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66698

Copyright Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.801778
Category:	Web application abuses
Title:	OTRS Multiple XSS Vulnerabilities (OSA-2011-01)
Summary:	Open Ticket Request System (OTRS) is prone to multiple; cross-site scripting (XSS) vulnerabilities.
Description:	Summary: Open Ticket Request System (OTRS) is prone to multiple cross-site scripting (XSS) vulnerabilities. Vulnerability Insight: The flaw is caused by improper validation of user-supplied input by multiple scripts. A remote attacker could exploit this vulnerability using various parameters in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site. Vulnerability Impact: Successful exploitation will allow attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site and steal cookie-based authentication credentials. Affected Software/OS: OTRS versions 2.4.x prior to 2.4.10 and 3.x prior to 3.0.7. Solution: Update to version 2.4.10, 3.0.7 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1518 BugTraq ID: 47323 http://www.securityfocus.com/bid/47323 Debian Security Information: DSA-2231 (Google Search) http://www.debian.org/security/2011/dsa-2231 http://www.osvdb.org/71790 http://secunia.com/advisories/44029 http://secunia.com/advisories/44479 SuSE Security Announcement: SUSE-SR:2011:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://www.vupen.com/english/advisories/2011/1186 XForce ISS Database: otrs-multiple-unspecified-xss(66698) https://exchange.xforce.ibmcloud.com/vulnerabilities/66698
Copyright	Copyright (C) 2011 Greenbone AG