CVE-2012-4600

OTRS Help Desk < 2.4.14 / 3.0.16 / 3.1.10 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags.

Exploits (2)

exploitdb WORKING POC
python, webapps, windows
https://www.exploit-db.com/exploits/20959

exploitdb WORKING POC
python, webapps, windows
https://www.exploit-db.com/exploits/22070

Scores

EPSS 0.0694
EPSS Percentile 91.3%

Classification

CWE
CWE-79
Status draft

Affected Products (50)

otrs/otrs (15 entries)
... and 35 more

Timeline

Published Aug 31, 2012
Tracked Since Feb 18, 2026