CVE-2005-3894

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html
http://marc.info/?l=bugtraq&m=113272360804853&w=2
http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt
http://otrs.org/advisory/OSA-2005-01-en/
http://secunia.com/advisories/17685/
http://secunia.com/advisories/18101
http://secunia.com/advisories/18887
http://securitytracker.com/id?1015262
http://www.debian.org/security/2006/dsa-973
http://www.novell.com/linux/security/advisories/2005_30_sr.html
http://www.osvdb.org/21067
http://www.securityfocus.com/bid/15537/
http://www.vupen.com/english/advisories/2005/2535
https://exchange.xforce.ibmcloud.com/vulnerabilities/23356
https://exchange.xforce.ibmcloud.com/vulnerabilities/23359

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

20-07-2017 - 01:29

Objavljeno

29-11-2005 - 21:03