CVE-2013-2637

A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
otrsfaq
𝑥
< 2.0.8
otrsfaq
2.1.0 ≤
𝑥
< 2.1.4
otrsotrs_itsm
𝑥
< 3.0.7
otrsotrs_itsm
3.1.0 ≤
𝑥
< 3.1.8
otrsotrs_itsm
3.2.0 ≤
𝑥
< 3.2.4
opensuseopensuse
12.2
opensuseopensuse
12.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html
http://www.exploit-db.com/exploits/24922
http://www.securityfocus.com/bid/58930
https://exchange.xforce.ibmcloud.com/vulnerabilities/83288
http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html
http://www.exploit-db.com/exploits/24922
http://www.securityfocus.com/bid/58930
https://exchange.xforce.ibmcloud.com/vulnerabilities/83288