OTRS Mailbox HTML Injection Vulnerability Network Vulnerability

Summary

This host is installed with OTRS (Open Ticket Request System) and is prone to HTML injection vulnerability.

Impact

Successful exploitation will allow remote attackers to inject script code into the OTRS webinterface. Impact Level: Application

Solution

Upgrade to OTRS (Open Ticket Request System) version 2.0.5 or later, For updates refer to http://www.otrs.com/en/ or Apply patch from the vendor advisory link http://otrs.org/advisory/OSA-2007-01-en/

Insight

An error exists in application's agent mailbox view which fails to properly sanitize user-supplied input before using it

Affected

OTRS (Open Ticket Request System) version 2.0.0 up to and including 2.0.4.

Detection

Get the installed version of OTRS with the help of detect NVT and check the version is vulnerable or not.

References

http://otrs.org/advisory/OSA-2007-01-en/

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

@Mail 'admin.php' Cross-Site Scripting Vulnerabilities
Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
Apache Tomcat Directory Listing and File disclosure
Apache Tomcat source.jsp malformed request information disclosure
AbanteCart Multiple Cross-Site Scripting Vulnerabilities

Take action and discover your vulnerabilities