5.8

CVE-2005-3895

Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary web script or HTML.  NOTE: this particular issue is referred to as XSS by some sources.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OtrsOtrs Version1.0.0
OtrsOtrs Version1.3.2
OtrsOtrs Version2.0.0
OtrsOtrs Version2.0.1
OtrsOtrs Version2.0.2
OtrsOtrs Version2.0.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.05% 0.787
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html
http://marc.info/?l=bugtraq&m=113272360804853&w=2
http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt
Patch
Vendor Advisory
http://otrs.org/advisory/OSA-2005-01-en/
Patch
Vendor Advisory
http://secunia.com/advisories/17685/
Patch
Vendor Advisory
http://secunia.com/advisories/18101
Vendor Advisory
http://secunia.com/advisories/18887
Vendor Advisory
http://www.debian.org/security/2006/dsa-973
http://www.novell.com/linux/security/advisories/2005_30_sr.html
http://www.securityfocus.com/bid/15537/
Patch
http://www.vupen.com/english/advisories/2005/2535
http://securityreason.com/securityalert/200
http://www.osvdb.org/21066
https://exchange.xforce.ibmcloud.com/vulnerabilities/23355