Lucene search
HistoryAug 31, 2012 - 2:55 p.m.
CVE-2012-4600
CVSS2
2.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
AI Score
5.5
Confidence
High
EPSS
0.003
Percentile
66.2%
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags.
Affected configurations
Node
otrsotrsMatch2.4.0beta1
ORotrsotrsMatch2.4.0beta2
ORotrsotrsMatch2.4.0beta3
ORotrsotrsMatch2.4.0beta4
ORotrsotrsMatch2.4.0beta5
ORotrsotrsMatch2.4.0beta6
ORotrsotrsMatch2.4.1
ORotrsotrsMatch2.4.2
ORotrsotrsMatch2.4.3
ORotrsotrsMatch2.4.4
ORotrsotrsMatch2.4.5
ORotrsotrsMatch2.4.6
ORotrsotrsMatch2.4.7
ORotrsotrsMatch2.4.8
ORotrsotrsMatch2.4.9
ORotrsotrsMatch2.4.10
ORotrsotrsMatch2.4.11
ORotrsotrsMatch2.4.12
ORotrsotrsMatch2.4.13
Node
otrsotrsMatch3.0.0beta1
ORotrsotrsMatch3.0.0beta2
ORotrsotrsMatch3.0.0beta3
ORotrsotrsMatch3.0.0beta4
ORotrsotrsMatch3.0.0beta5
ORotrsotrsMatch3.0.0beta6
ORotrsotrsMatch3.0.0beta7
ORotrsotrsMatch3.0.1
ORotrsotrsMatch3.0.2
ORotrsotrsMatch3.0.3
ORotrsotrsMatch3.0.4
ORotrsotrsMatch3.0.5
ORotrsotrsMatch3.0.6
ORotrsotrsMatch3.0.7
ORotrsotrsMatch3.0.8
ORotrsotrsMatch3.0.9
ORotrsotrsMatch3.0.10
ORotrsotrsMatch3.0.11
ORotrsotrsMatch3.0.12
ORotrsotrsMatch3.0.13
ORotrsotrsMatch3.0.14
ORotrsotrsMatch3.0.15
ORotrsotrs_itsmMatch3.0.0
ORotrsotrs_itsmMatch3.0.1
ORotrsotrs_itsmMatch3.0.2
ORotrsotrs_itsmMatch3.0.3
ORotrsotrs_itsmMatch3.0.4
ORotrsotrs_itsmMatch3.0.5
ORotrsotrs_itsmMatch3.0.6
Node
otrsotrsMatch3.1.0
ORotrsotrsMatch3.1.1
ORotrsotrsMatch3.1.2
ORotrsotrsMatch3.1.3
ORotrsotrsMatch3.1.4
ORotrsotrsMatch3.1.5
ORotrsotrsMatch3.1.6
ORotrsotrsMatch3.1.7
ORotrsotrsMatch3.1.8
ORotrsotrsMatch3.1.9
| Vendor | Product | Version | CPE |
|---|---|---|---|
| otrs | otrs | 2.4.0 | cpe:2.3:a:otrs:otrs:2.4.0:beta1:*:*:*:*:*:* |
| otrs | otrs | 2.4.0 | cpe:2.3:a:otrs:otrs:2.4.0:beta2:*:*:*:*:*:* |
| otrs | otrs | 2.4.0 | cpe:2.3:a:otrs:otrs:2.4.0:beta3:*:*:*:*:*:* |
| otrs | otrs | 2.4.0 | cpe:2.3:a:otrs:otrs:2.4.0:beta4:*:*:*:*:*:* |
| otrs | otrs | 2.4.0 | cpe:2.3:a:otrs:otrs:2.4.0:beta5:*:*:*:*:*:* |
| otrs | otrs | 2.4.0 | cpe:2.3:a:otrs:otrs:2.4.0:beta6:*:*:*:*:*:* |
| otrs | otrs | 2.4.1 | cpe:2.3:a:otrs:otrs:2.4.1:*:*:*:*:*:*:* |
| otrs | otrs | 2.4.2 | cpe:2.3:a:otrs:otrs:2.4.2:*:*:*:*:*:*:* |
| otrs | otrs | 2.4.3 | cpe:2.3:a:otrs:otrs:2.4.3:*:*:*:*:*:*:* |
| otrs | otrs | 2.4.4 | cpe:2.3:a:otrs:otrs:2.4.4:*:*:*:*:*:*:* |
Related
prion
prion
Cross site scripting
2012-08-31 14:55:00
nessus
nessus
FreeBSD : otrs -- XSS vulnerability in Firefox and Opera (95a69d1a-52a5-11e2-a289-1c4bd681f0cf)
2013-01-02 00:00:00
FreeBSD : otrs -- XSS vulnerability in Firefox and Opera could lead to remote code execution (d60199df-7fb3-11e2-9c5a-000d601460a4)
2013-02-26 00:00:00
openSUSE Security Update : otrs (openSUSE-SU-2012:1214-1)
2014-06-13 00:00:00
freebsd
freebsd
otrs -- XSS vulnerability in Firefox and Opera could lead to remote code execution
2012-08-30 00:00:00
otrs -- XSS vulnerability in Firefox and Opera
2012-08-30 00:00:00
ubuntucve
ubuntucve
CVE-2012-4600
2012-08-31 00:00:00
openvas
openvas
OTRS Email Message XSS Vulnerability (OSA-2012-02)
2013-09-25 00:00:00
Debian: Security Advisory (DSA-2536-1)
2012-09-07 00:00:00
debiancve
debiancve
CVE-2012-4600
2012-08-31 14:55:01
cert
cert
Open Technology Real Services nested tags cross-site scripting vulnerability
2012-08-30 00:00:00
packetstorm
packetstorm
OTRS Open Technology Real Services 3.1.8 / 3.1.9 XSS
2012-08-31 00:00:00
cve
cve
CVE-2012-4600
2012-08-31 14:55:01
cvelist
cvelist
CVE-2012-4600
2012-08-31 14:00:00
exploitdb
exploitdb
OTRS Open Technology Real Services 3.1.8/3.1.9 - Cross-Site Scripting
2012-08-31 00:00:00
OTRS 3.1 - Persistent Cross-Site Scripting
2012-10-18 00:00:00
osv
osv
otrs-3.3.16-37.1 on GA media
2024-06-15 00:00:00
CVSS2
2.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
AI Score
5.5
Confidence
High
EPSS
0.003
Percentile
66.2%
Related for NVD:CVE-2012-4600