CVE-2013-2637
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.
Published
2020-02-12T17:15:11.733
Last Modified
2024-11-21T01:52:05.780
Status
Modified
Source
[email protected]
Severity
CVSSv3.1: 6.1 (MEDIUM)
CVSSv2 Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
- Access Vector: NETWORK
- Access Complexity: MEDIUM
- Authentication: NONE
- Confidentiality Impact: NONE
- Integrity Impact: PARTIAL
- Availability Impact: NONE
Exploitability Score
8.6
Impact Score
2.9
Weaknesses
Affected Vendors & Products
References
-
http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html
Mailing List, Third Party Advisory
([email protected])
-
http://www.exploit-db.com/exploits/24922
Exploit, Third Party Advisory, VDB Entry
([email protected])
-
http://www.securityfocus.com/bid/58930
Third Party Advisory, VDB Entry
([email protected])
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/83288
Third Party Advisory, VDB Entry
([email protected])
-
http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html
Mailing List, Third Party Advisory
(af854a3a-2127-422b-91ae-364da2661108)
-
http://www.exploit-db.com/exploits/24922
Exploit, Third Party Advisory, VDB Entry
(af854a3a-2127-422b-91ae-364da2661108)
-
http://www.securityfocus.com/bid/58930
Third Party Advisory, VDB Entry
(af854a3a-2127-422b-91ae-364da2661108)
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/83288
Third Party Advisory, VDB Entry
(af854a3a-2127-422b-91ae-364da2661108)