4.3
CVE-2005-3894
- EPSS 6.25%
- Veröffentlicht 29.11.2005 21:03:00
- Zuletzt bearbeitet 16.06.2026 22:17:50
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.25% | 0.927 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html
http://marc.info/?l=bugtraq&m=113272360804853&w=2
http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt
http://otrs.org/advisory/OSA-2005-01-en/
http://secunia.com/advisories/17685/
http://secunia.com/advisories/18101
http://secunia.com/advisories/18887
http://securitytracker.com/id?1015262
http://www.debian.org/security/2006/dsa-973
http://www.novell.com/linux/security/advisories/2005_30_sr.html
http://www.securityfocus.com/bid/15537/
http://www.vupen.com/english/advisories/2005/2535
http://www.osvdb.org/21067
https://exchange.xforce.ibmcloud.com/vulnerabilities/23356
https://exchange.xforce.ibmcloud.com/vulnerabilities/23359