CVE-2012-4751

OTRS Help Desk <2.4.15, <3.0.17, <3.1.11 - XSS

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-4751. PoCs published by Mike Eduard.

AI-analyzed exploit summary This Python script demonstrates a stored XSS vulnerability in OTRS by sending an email with a malicious iframe payload. The exploit leverages the HTML email rendering feature to execute arbitrary JavaScript in the victim's browser.

Description

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Mike Eduard · pythonwebappswindows

https://www.exploit-db.com/exploits/22070

View Code ZIP pw:eip

This Python script demonstrates a stored XSS vulnerability in OTRS by sending an email with a malicious iframe payload. The exploit leverages the HTML email rendering feature to execute arbitrary JavaScript in the victim's browser.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: OTRS 3.1.8, 3.1.9, 3.1.10

Auth required

Prerequisites: SMTP server access · Valid credentials for SMTP authentication

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

exploitdb WORKING POC

by Mike Eduard · pythonwebappswindows

https://www.exploit-db.com/exploits/20959

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in OTRS 3.1.8 and 3.1.9 by sending a malicious HTML email payload via SMTP. The payload bypasses input validation to execute arbitrary JavaScript in the victim's browser.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: OTRS 3.1.8 and 3.1.9

Auth required

Prerequisites: SMTP server access · valid credentials for SMTP authentication · victim interaction with the malicious email

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7

Core References

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2013-01/msg00036.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/56093

Exploit x_refsource_confirm

http://znuny.com/assets/proof_of_concept_cve_2012-4751-znuny.py

Vendor Advisory x_refsource_confirm

http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-03/

Vendor Advisory x_refsource_confirm

http://znuny.com/en/#%21/advisory/ZSA-2012-03

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/603276

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.org/files/117504/OTRS-3.1-Cross-Site-Scripting.html

Scores

EPSS 0.0579

EPSS Percentile 92.2%

Details

CWE

CWE-79

Status published

Products (39)

otrs/otrs 2.4.0 beta1 (6 CPE variants)

otrs/otrs 2.4.1

otrs/otrs 2.4.2

otrs/otrs 2.4.3

otrs/otrs 2.4.4

otrs/otrs 2.4.5

otrs/otrs 2.4.6

otrs/otrs 2.4.7

otrs/otrs 2.4.8

otrs/otrs 2.4.9

... and 29 more

Published Oct 22, 2012

Tracked Since Feb 18, 2026