Summary
This host is running Open Ticket Request System (OTRS) and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when malicious data is being viewed.
Impact Level: Application
Solution
Upgrade to Open Ticket Request System (OTRS) version 2.4.9 or later. For updates refer to http://otrs.org/download/
Insight
The flaw exists because input passed via HTML e-mails is not properly sanitised in AgentTicketZoom before being displayed to the user.
Affected
Open Ticket Request System (OTRS) version 2.4.x before 2.4.9.
Detection
Get the installed version of OTRS with the help of the detect NVT and check whether the version is vulnerable.
References
Severity
Classification
- CVE: CVE-2010-4071
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Fisheye Multiple Vulnerabilities
- Alpha Networks ADSL2/2+ Wireless Router version ASL-26555 Password Information Disclosure Vulnerability
- OTRS Ticket CustomerID Value Restriction Bypass Vulnerability
- Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
- PhreeBooks Multiple Remote Vulnerabilities