Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-2524. PoCs published by ciri.
AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in OTRS 2.0.4, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code via the 'Subaction' parameter.
Description
Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, but the proper identifier for the ipsec-tools issue is CVE-2007-1841.
Exploits (1)
The provided text describes a cross-site scripting (XSS) vulnerability in OTRS 2.0.4, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject arbitrary script code via the 'Subaction' parameter.