CVE-2014-1695

OTRS 3.1.x < 3.1.20, 3.2.x < 3.2.15, 3.3.x < 3.3.5 - Cross-Site Scripting via Crafted HTML Email

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-1695. PoCs published by Adam Ziaja.

AI-analyzed exploit summary This Perl script demonstrates a stored XSS vulnerability in OTRS by sending a malicious email with embedded JavaScript payloads. The exploit leverages HTML injection in the email body to trigger XSS when viewed in the OTRS interface.

Description

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email.

Exploits (1)

exploitdb WORKING POC
by Adam Ziaja · perlwebappsphp
https://www.exploit-db.com/exploits/36842

This Perl script demonstrates a stored XSS vulnerability in OTRS by sending a malicious email with embedded JavaScript payloads. The exploit leverages HTML injection in the email body to trigger XSS when viewed in the OTRS interface.

Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: OTRS 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5
No auth needed
Prerequisites: Access to send an email to the OTRS system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/36842/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/65844
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57018
Vendor Advisory x_refsource_confirm
https://www.otrs.com/security-advisory-2014-03-xss-issue
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-03/msg00030.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/103781
Various Sources x_refsource_misc
http://adamziaja.com/poc/201401-xss-otrs.html

Scores

EPSS 0.0491
EPSS Percentile 91.0%

Details

CWE
CWE-79
Status published
Products (36)
otrs/otrs 3.3.0 (7 CPE variants)
otrs/otrs 3.3.1
otrs/otrs 3.3.2
otrs/otrs 3.3.3
otrs/otrs 3.3.4
otrs/otrs 3.2.0 (7 CPE variants)
otrs/otrs 3.2.1
otrs/otrs 3.2.2
otrs/otrs 3.2.3
otrs/otrs 3.2.4
... and 26 more
Published Mar 01, 2014
Tracked Since Feb 18, 2026