Lucene search

[email protected]NVD:CVE-2013-2637

HistoryFeb 12, 2020 - 5:15 p.m.

CVE-2013-2637

2020-02-1217:15:11

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.317

Percentile

97.1%

JSON

A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.

Affected configurations

Nvd

Node

otrsfaqRange<2.0.8

otrsfaqRange2.1.0–2.1.4

otrsotrs_itsmRange<3.0.7

otrsotrs_itsmRange3.1.0–3.1.8

otrsotrs_itsmRange3.2.0–3.2.4

Node

opensuseopensuseMatch12.2

opensuseopensuseMatch12.3

VendorProductVersionCPE
otrsfaq*cpe:2.3:a:otrs:faq:*:*:*:*:*:*:*:*
otrsotrs_itsm*cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*
opensuseopensuse12.2cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
opensuseopensuse12.3cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
otrs	faq	*	cpe:2.3:a:otrs:faq::::::::
otrs	otrs_itsm	*	cpe:2.3:a:otrs:otrs_itsm::::::::
opensuse	opensuse	12.2	cpe:2.3:o:opensuse:opensuse:12.2:::::::*
opensuse	opensuse	12.3	cpe:2.3:o:opensuse:opensuse:12.3:::::::*