Vulnerability CVE-2013-2637


Published: 2020-02-12

Description:
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
OTRS -> FAQ 
OTRS -> Otrs itsm 
Opensuse -> Opensuse 

 References:
http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html
http://www.exploit-db.com/exploits/24922
http://www.securityfocus.com/bid/58930
https://exchange.xforce.ibmcloud.com/vulnerabilities/83288

Copyright 2024, cxsecurity.com

 

Back to Top