Summary
This host is installed with OTRS (Open Ticket Request System) and is prone to an HTML injection vulnerability.
Impact
Successful exploitation will allow remote attackers to inject script code into the OTRS web interface.
Impact Level: Application
Solution
Upgrade to OTRS (Open Ticket Request System) version 2.0.5 or later (for updates, refer to http://www.otrs.com/en/), or apply the patch from the vendor advisory at http://otrs.org/advisory/OSA-2007-01-en/
Insight
An error exists in the application's agent mailbox view, which fails to properly sanitize user-supplied input before using it.
Affected
OTRS (Open Ticket Request System) version 2.0.0 up to and including 2.0.4.
Detection
Get the installed version of OTRS with the help of the detect NVT and check whether the version is vulnerable.
References
Updated on 2015-03-25
Severity
Classification
CVSS Base Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P
Related Vulnerabilities
- Apache Tomcat TroubleShooter Servlet Installed
- Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
- Apache Tomcat Information Disclosure Vulnerability
- Apache OFBiz Multiple Cross Site Scripting Vulnerabilities