Mike Eduard - Security Researcher - Exploit Intelligence Platform

CVE-2012-4600 EXPLOITDB python WORKING POC

OTRS Help Desk <2.4.14-3.0.16-3.1.10 - XSS

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags.

View Code

CVE-2012-4600 EXPLOITDB python WORKING POC

OTRS Help Desk <2.4.14-3.0.16-3.1.10 - XSS

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags.

View Code

CVE-2012-4751 EXPLOITDB python WORKING POC

OTRS Help Desk <2.4.15, <3.0.17, <3.1.11 - XSS

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element.

View Code

CVE-2012-4751 EXPLOITDB python WORKING POC

OTRS Help Desk <2.4.15, <3.0.17, <3.1.11 - XSS

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element.

View Code