Vulnerability Details CVE-2005-3894
Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.082
EPSS Ranking 91.7%
CVSS Severity
CVSS v2 Score 4.3
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html
- http://marc.info/?l=bugtraq&m=113272360804853&w=2
- http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt
- http://otrs.org/advisory/OSA-2005-01-en/
- http://secunia.com/advisories/17685/
- http://secunia.com/advisories/18101
- http://secunia.com/advisories/18887
- http://securitytracker.com/id?1015262
- http://www.debian.org/security/2006/dsa-973
- http://www.novell.com/linux/security/advisories/2005_30_sr.html
- http://www.osvdb.org/21067
- http://www.securityfocus.com/bid/15537/
- http://www.vupen.com/english/advisories/2005/2535
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23356
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23359
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html
- http://marc.info/?l=bugtraq&m=113272360804853&w=2
- http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt
- http://otrs.org/advisory/OSA-2005-01-en/
- http://secunia.com/advisories/17685/
- http://secunia.com/advisories/18101
- http://secunia.com/advisories/18887
- http://securitytracker.com/id?1015262
- http://www.debian.org/security/2006/dsa-973
- http://www.novell.com/linux/security/advisories/2005_30_sr.html
- http://www.osvdb.org/21067
- http://www.securityfocus.com/bid/15537/
- http://www.vupen.com/english/advisories/2005/2535
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23356
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23359
Products affected by CVE-2005-3894
-
cpe:2.3:a:otrs:otrs:1.0.0
-
cpe:2.3:a:otrs:otrs:1.3.2
-
cpe:2.3:a:otrs:otrs:2.0.0
-
cpe:2.3:a:otrs:otrs:2.0.1
-
cpe:2.3:a:otrs:otrs:2.0.2
-
cpe:2.3:a:otrs:otrs:2.0.3