Open Ticket Request System (OTRS) 'AgentTicketZoom' Cross-site Scripting Vulnerability Network Vulnerability

Summary

This host is running Open Ticket Request System (OTRS) and is prone to Cross-site scripting vulnerability.

Impact

Successful exploitation will allow attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when malicious data is being viewed. Impact Level: Application

Solution

Upgrade to Open Ticket Request System (OTRS) version 2.4.9 or later For updates refer to http://otrs.org/download/

Insight

The flaw is due to input passed via HTML e-mails is not properly sanitised in AgentTicketZoom before being displayed to the user.

Affected

Open Ticket Request System (OTRS) version 2.4.x before 2.4.9.

Detection

Get the installed version of OTRS with the help of detect NVT and check the version is vulnerable or not.

References

http://osvdb.org/68882
http://otrs.org/advisory/OSA-2010-03-en/
http://secunia.com/advisories/41978

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4071
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N

Related Vulnerabilities

NCH Software Axon 2.13 Multiple Remote Vulnerabilities
Sambar sendmail /session/sendmail
allocPSA 'login/login.php' Cross Site Scripting Vulnerability
Apache Tomcat SecurityManager Security Bypass Vulnerability
MoinMoin 'Despam' Action Cross-Site Scripting Vulnerability

Open Ticket Request System (OTRS) 'AgentTicketZoom' Cross-site scripting Vulnerability

Take action and discover your vulnerabilities