Exploitation Summary
EIP tracks 2 public exploits for CVE-2012-4600.
AI-analyzed exploit summary: This Python script demonstrates a stored XSS vulnerability in OTRS 3.1.8 and 3.1.9 by sending an email with a malicious payload that bypasses input validation. The payload uses obfuscated script tags to execute arbitrary JavaScript in the context of the victim's browser.
Description
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags.
Exploits (2)
This Python script demonstrates a stored XSS vulnerability in OTRS 3.1.8 and 3.1.9 by sending an email with a malicious payload that bypasses input validation. The payload uses obfuscated script tags to execute arbitrary JavaScript in the context of the victim's browser.
This Python script demonstrates a stored XSS vulnerability in OTRS by sending an email with a malicious iframe payload. The exploit leverages the HTML email rendering feature to execute arbitrary JavaScript in the context of the victim's browser.