CVE-2007-2524

OTRS 2.0.x - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, but the proper identifier for the ipsec-tools issue is CVE-2007-1841.

Exploits (1)

exploitdb WRITEUP VERIFIED

by ciri · textwebappscgi

https://www.exploit-db.com/exploits/29962

View Code ZIP pw:eip

References (14)

[Vendor Advisory] http://secunia.com/advisories/25205

[Vendor Advisory] http://secunia.com/advisories/25419

[Vendor Advisory] http://secunia.com/advisories/25787

[Exploit] http://www.securityfocus.com/bid/23862

[Exploit, Vendor Advisory] http://www.virtuax.be/?page=library&id=35&type=Exploits

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/34164

[Vendor Advisory] http://www.novell.com/linux/security/advisories/2007_13_sr.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/467870/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/471192/100/0/threaded

[Third Party Advisory] http://www.debian.org/security/2007/dsa-1298

[Third Party Advisory, VDB Entry] http://osvdb.org/35821

[Third Party Advisory, VDB Entry] http://osvdb.org/35822

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1698

[Third Party Advisory] http://securityreason.com/securityalert/2668

Scores

EPSS 0.0566

EPSS Percentile 90.2%

Classification

CWE

CWE-79

Status draft

Affected Products (1)

otrs/otrs

Timeline

Published May 08, 2007

Tracked Since Feb 18, 2026