4.3

CVE-2005-3894

Exploit
Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OtrsOtrs Version1.0.0
OtrsOtrs Version1.3.2
OtrsOtrs Version2.0.0
OtrsOtrs Version2.0.1
OtrsOtrs Version2.0.2
OtrsOtrs Version2.0.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.25% 0.927
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html
http://marc.info/?l=bugtraq&m=113272360804853&w=2
http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt
Patch
Vendor Advisory
Exploit
http://otrs.org/advisory/OSA-2005-01-en/
Patch
Vendor Advisory
http://secunia.com/advisories/17685/
Patch
Vendor Advisory
http://secunia.com/advisories/18101
http://secunia.com/advisories/18887
http://securitytracker.com/id?1015262
http://www.debian.org/security/2006/dsa-973
http://www.novell.com/linux/security/advisories/2005_30_sr.html
http://www.securityfocus.com/bid/15537/
Patch
Exploit
http://www.vupen.com/english/advisories/2005/2535
http://www.osvdb.org/21067
https://exchange.xforce.ibmcloud.com/vulnerabilities/23356
https://exchange.xforce.ibmcloud.com/vulnerabilities/23359