Summary
OTRS Help Desk is prone to a cross site scripting and to a clickjacking vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Impact
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Solution
Updates are available.
Insight
Two vulnerabilities have been reported in OTRS Help Desk, which can be exploited by malicious people to conduct cross-site scripting and clickjacking attacks.
1) Certain input related to dynamic fields is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) The application allows users to perform certain actions via HTTP requests via iframes without performing any validity checks to verify the requests. This can be exploited to perform certain unspecified actions by tricking a user into e.g. clicking a specially crafted link via clickjacking.
Affected
Versions OTRS Help Desk prior to 3.1.20, 3.2.15, and 3.3.5 are vulnerable.
Detection
Check the version
References
Severity
Classification
-
CVE CVE-2014-2553, CVE-2014-2554 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Tomcat TroubleShooter Servlet Installed
- Apache Tomcat Login Constraints Security Bypass Vulnerability
- Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- Apache Tomcat source.jsp malformed request information disclosure