OTRS Help Desk is prone to a cross site scripting and to a clickjacking vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Updates are available.

Two vulnerabilities have been reported in OTRS Help Desk, which can be exploited by malicious people to conduct cross-site scripting and clickjacking attacks. 1) Certain input related to dynamic fields is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The application allows users to perform certain actions via HTTP requests via iframes without performing any validity checks to verify the requests. This can be exploited to perform certain unspecified actions by tricking a user into e.g. clicking a specially crafted link via clickjacking.

Versions OTRS Help Desk prior to 3.1.20, 3.2.15, and 3.3.5 are vulnerable.

Check the version

• http://www.securityfocus.com/bid/66569
• https://www.otrs.com/security-advisory-2014-04-xss-issue
• https://www.otrs.com/security-advisory-2014-05-clickjacking-issue/

---

Updated on 2015-03-25