CVE-2014-1695
OTRS 3.1.x < 3.1.20, 3.2.x < 3.2.15, 3.3.x < 3.3.5 - Cross-Site Scripting via Crafted HTML Email
Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-1695. PoCs published by Adam Ziaja.
AI-analyzed exploit summary
This Perl script demonstrates a stored XSS vulnerability in OTRS by sending a malicious email with embedded JavaScript payloads. The exploit leverages HTML injection in the email body to trigger XSS when viewed in the OTRS interface.
Description
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email.