CVE-2012-4600

OTRS Help Desk <2.4.14-3.0.16-3.1.10 - XSS

Description

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags.

Exploits (2)

exploitdb WORKING POC
python webapps windows
https://www.exploit-db.com/exploits/20959

exploitdb WORKING POC
python webapps windows
https://www.exploit-db.com/exploits/22070

Scores

EPSS 0.0694
EPSS Percentile 91.5%

Details

CWE CWE-79
Status published
Products (39)
otrs/otrs 2.4.0 beta1 (6 CPE variants)
otrs/otrs 2.4.1
otrs/otrs 2.4.2
otrs/otrs 2.4.3
otrs/otrs 2.4.4
otrs/otrs 2.4.5
otrs/otrs 2.4.6
otrs/otrs 2.4.7
otrs/otrs 2.4.8
otrs/otrs 2.4.9
... and 29 more
Published Aug 31, 2012
Tracked Since Feb 18, 2026