Lucene search

K

Ubuntu.comUB:CVE-2012-4751

HistoryOct 22, 2012 - 12:00 a.m.

CVE-2012-4751

2012-10-2200:00:00

ubuntu.com

ubuntu.com

17

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.005

Percentile

76.3%

Cross-site scripting (XSS) vulnerability in Open Ticket Request System
(OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before
3.1.11 allows remote attackers to inject arbitrary web script or HTML via
an e-mail message body with whitespace before a javascript: URL in the SRC
attribute of an element, as demonstrated by an IFRAME element.

References

www.kb.cert.org/vuls/id/603276

www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-03/

znuny.com/assets/proof_of_concept_cve_2012-4751-znuny.py

znuny.com/en/#!/advisory/ZSA-2012-03

launchpad.net/bugs/cve/CVE-2012-4751

nvd.nist.gov/vuln/detail/CVE-2012-4751

security-tracker.debian.org/tracker/CVE-2012-4751

www.cve.org/CVERecord?id=CVE-2012-4751

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.005

Percentile

76.3%

Related for UB:CVE-2012-4751

cvelist1 packetstorm1 nessus5 nvd1 freebsd2 openvas3 prion1 debiancve1 cve1 cert1 exploitdb2 osv2 debian2