CVE-2012-4600

Published: 31/08/2012 Updated: 07/11/2023
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 270
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x prior to 2.4.14, 3.0.x prior to 3.0.16, and 3.1.x prior to 3.1.10, when Firefox or Opera is used, allows remote malicious users to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags.

Vulnerable Product

otrs otrs 2.4.0

otrs otrs 2.4.1

otrs otrs 2.4.10

otrs otrs 2.4.5

otrs otrs 2.4.13

otrs otrs 2.4.12

otrs otrs 2.4.6

otrs otrs 2.4.9

otrs otrs 2.4.3

otrs otrs 2.4.11

otrs otrs 2.4.4

otrs otrs 2.4.2

otrs otrs 2.4.8

otrs otrs 2.4.7

otrs otrs 3.0.12

otrs otrs itsm 3.0.4

otrs otrs itsm 3.0.2

otrs otrs 3.0.10

otrs otrs 3.0.2

otrs otrs 3.0.15

otrs otrs itsm 3.0.5

otrs otrs 3.0.0

otrs otrs 3.0.1

otrs otrs 3.0.11

otrs otrs 3.0.4

otrs otrs 3.0.5

otrs otrs 3.0.7

otrs otrs 3.0.6

otrs otrs 3.0.13

otrs otrs itsm 3.0.3

otrs otrs itsm 3.0.6

otrs otrs 3.0.8

otrs otrs 3.0.14

otrs otrs 3.0.3

otrs otrs 3.0.9

otrs otrs itsm 3.0.1

otrs otrs itsm 3.0.0

otrs otrs 3.1.1

otrs otrs 3.1.6

otrs otrs 3.1.4

otrs otrs 3.1.7

otrs otrs 3.1.9

otrs otrs 3.1.2

otrs otrs 3.1.3

otrs otrs 3.1.0

otrs otrs 3.1.8

otrs otrs 3.1.5

Vendor Advisories

It was discovered that Open Ticket Request System (OTRS), a ticket request system, contains a cross-site scripting vulnerability when email messages are viewed using Internet Explorer. This update also improves the HTML security filter to detect tag nesting. For the stable distribution (squeeze), this problem has been fixed in version 249+dfsg1-3 ...

Exploits

#!/usr/bin/python ''' Author: Mike Eduard - Znuny - Enterprise Services for OTRS Product: OTRS Open Technology Real Services Version: 318, 319 and 3110 Vendor Homepage: otrsorg CVE: 2012-4751 Timeline: 03 Sep 2012: Vulnerability reported + fix to vendor 04 Sep 2012: Vulnerability reported to CERT 05 Sep 2012: Response received fro ...
#!/usr/bin/python ''' Author: Mike Eduard - Znuny - Enterprise Services for OTRS Product: OTRS Open Technology Real Services Version: 318 and 319 Vendor Homepage: otrsorg CVE: 2012-4600 Timeline: 22 Aug 2012: Vulnerability reported to vendor and CERT 23 Aug 2012: Response received from CERT and vendor 28 Aug 2012: Update from ven ...