CVE-2014-1695

OTRS <3.1.20-3.3.5 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email.

Exploits (1)

exploitdb WORKING POC
by Adam Ziaja · perlwebappsphp
https://www.exploit-db.com/exploits/36842

References (8)

Scores

EPSS 0.0363
EPSS Percentile 87.7%

Details

CWE
CWE-79
Status published
Products (49)
otrs/otrs
otrs/otrs
otrs/otrs
otrs/otrs
otrs/otrs
otrs/otrs
otrs/otrs
otrs/otrs
otrs/otrs
otrs/otrs
... and 39 more
Published Mar 01, 2014
Tracked Since Feb 18, 2026