Summary
OTRS is prone to multiple cross-site scripting vulnerabilities and a denial-of-service vulnerability.
Impact
An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
Impact Level: Application
Solution
Upgrade to OTRS (Open Ticket Request System) higher than 2.3.6 or 2.4.8 or later. For updates refer to http://www.otrs.com/en/, or apply the patch from the vendor advisory at http://otrs.org/advisory/OSA-2010-02-en/
Insight
An error exists in the application, which fails to properly handle user-supplied input.
Affected
OTRS versions prior to 2.3.6 and 2.4.8 are vulnerable.
Detection
Get the installed version of OTRS with the help of the detect NVT and check whether the version is vulnerable.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2010-2080, CVE-2010-3476
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P