Test ID:	1.3.6.1.4.1.25623.1.0.803937
Category:	Web application abuses
Title:	OTRS ITSM 'Body' Field HTML Injection Vulnerability (OSA-2012-01)
Summary:	OTRS (Open Ticket Request System) or OTRS:ITSM is prone to HTML injection vulnerability.
Description:	Summary: OTRS (Open Ticket Request System) or OTRS:ITSM is prone to HTML injection vulnerability. Vulnerability Insight: An error exists in application which fails to properly sanitize user-supplied input before using it. Vulnerability Impact: Successful exploitation will allow remote attackers to inject arbitrary web script or HTML via an e-mail message body. Affected Software/OS: OTRS (Open Ticket Request System) version 2.4.x up to and including 2.4.12, 3.0.x up to and including 3.0.14 and 3.1.x up to and including 3.1.8 OTRS::ITSM 3.1.0 up to and including 3.1.5, 3.0.0 up to and including 3.0.5 and 2.1.0 up to and including 2.1.4 Solution: Upgrade to OTRS (Open Ticket Request System) version 2.4.13, 3.0.15 and 3.1.9 or later, and OTRS::ITSM version 3.1.6, 3.0.6 and 2.1.5 or apply the patch from the referenced vendor advisory. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2582 CERT/CC vulnerability note: VU#582879 http://www.kb.cert.org/vuls/id/582879 Debian Security Information: DSA-2536 (Google Search) http://www.debian.org/security/2012/dsa-2536 http://secunia.com/advisories/50513 SuSE Security Announcement: openSUSE-SU-2012:1105 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-09/msg00024.html
Copyright	Copyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.