Summary
This host is running Open Ticket Request System (OTRS) and is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site, and to steal cookie-based authentication credentials.
Impact Level: Application
Solution
Upgrade to Open Ticket Request System (OTRS) version 2.4.10 or 3.0.7 or later. For updates refer to http://otrs.org/download/ or apply the patch from the vendor advisory link http://otrs.org/advisory/OSA-2011-01-en
Insight
The flaw is caused by improper validation of user-supplied input by multiple scripts. A remote attacker could exploit this vulnerability using various parameters in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site.
Affected
Open Ticket Request System (OTRS) version 2.4.x before 2.4.10 and 3.x before 3.0.7
Detection
Get the installed version of OTRS with the help of the detect NVT and check whether that version falls within the affected ranges listed above.
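As an added example (not part of this NVT and not OTRS project code), the version test described in the Detection section can be written as a small Python check. It assumes the version string has already been obtained by a separate detect NVT and only decides whether that string lies in the affected ranges stated in this advisory (2.4.x before 2.4.10, 3.x before 3.0.7); the sample version strings at the bottom are constructed for illustration.

```python
import re
from typing import Optional, Tuple

# Affected ranges exactly as stated in this advisory's "Affected" section:
# each entry is (branch prefix, first fixed version in that branch).
AFFECTED_RANGES = (
    ((2, 4), (2, 4, 10)),   # 2.4.x before 2.4.10
    ((3,), (3, 0, 7)),      # 3.x before 3.0.7
)

# Leading dotted-numeric part of a version string, e.g. "3.0.6" or "2.4.9-1".
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Return the version as a tuple of ints, or None if it cannot be read."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(version_text: str) -> Optional[bool]:
    """True if the version is inside an affected range, False if it is not,
    None if the version string could not be parsed (treat as unknown, not safe)."""
    version = parse_version(version_text)
    if version is None:
        return None
    for prefix, fixed in AFFECTED_RANGES:
        # Tuple comparison handles differing lengths: (2, 4) < (2, 4, 10) is True,
        # and (3, 0, 7, 1) > (3, 0, 7), so a later patch level is not flagged.
        if version[: len(prefix)] == prefix and version < fixed:
            return True
    return False


def classify_hosts(observed: dict) -> dict:
    """Map host -> verdict ("vulnerable", "not vulnerable", "unknown")."""
    labels = {True: "vulnerable", False: "not vulnerable", None: "unknown"}
    return {host: labels[is_vulnerable(ver)] for host, ver in observed.items()}


if __name__ == "__main__":
    # Constructed sample results, as a detect NVT might report them.
    sample = {
        "ticket-a": "3.0.6",
        "ticket-b": "3.0.7",
        "ticket-c": "2.4.9-1",
        "ticket-d": "2.4.10",
        "ticket-e": "2.3.4",
        "ticket-f": "version string not found",
    }
    for host, verdict in classify_hosts(sample).items():
        print(f"{host}: {sample[host]!r} -> {verdict}")
```

An unparseable version is reported as "unknown" rather than "not vulnerable", so a failed detection does not silently clear the host; that distinction is worth keeping in any scanner logic built on this advisory.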
Classification
CVE: CVE-2011-1518
Severity
CVSS Base Score: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N