CVE-2012-4751

Published: 22/10/2012 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 440
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x prior to 2.4.15, 3.0.x prior to 3.0.17, and 3.1.x prior to 3.1.11 allows remote malicious users to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element.

Vulnerable Product

otrs otrs 2.4.0

otrs otrs 2.4.1

otrs otrs 2.4.10

otrs otrs 2.4.5

otrs otrs 2.4.13

otrs otrs 2.4.12

otrs otrs 2.4.6

otrs otrs 2.4.9

otrs otrs 2.4.3

otrs otrs 2.4.11

otrs otrs 2.4.4

otrs otrs 2.4.2

otrs otrs 2.4.14

otrs otrs 2.4.8

otrs otrs 2.4.7

otrs otrs 3.0.16

otrs otrs 3.0.12

otrs otrs 3.0.10

otrs otrs 3.0.2

otrs otrs 3.0.15

otrs otrs 3.0.0

otrs otrs 3.0.1

otrs otrs 3.0.11

otrs otrs 3.0.4

otrs otrs 3.0.5

otrs otrs 3.0.7

otrs otrs 3.0.6

otrs otrs 3.0.13

otrs otrs 3.0.8

otrs otrs 3.0.14

otrs otrs 3.0.3

otrs otrs 3.0.9

otrs otrs 3.1.10

otrs otrs 3.1.1

otrs otrs 3.1.6

otrs otrs 3.1.4

otrs otrs 3.1.7

otrs otrs 3.1.9

otrs otrs 3.1.2

otrs otrs 3.1.3

otrs otrs 3.1.0

otrs otrs 3.1.8

otrs otrs 3.1.5

Vendor Advisories

It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs. For the oldstable distribution (squeeze), this problem has been fixed in ...

Exploits

#!/usr/bin/python
'''
Author: Mike Eduard - Znuny - Enterprise Services for OTRS
Product: OTRS Open Technology Real Services
Version: 3.1.8, 3.1.9 and 3.1.10
Vendor Homepage: otrs.org
CVE: 2012-4751
Timeline:
03 Sep 2012: Vulnerability reported + fix to vendor
04 Sep 2012: Vulnerability reported to CERT
05 Sep 2012: Response received fro ...

#!/usr/bin/python
'''
Author: Mike Eduard - Znuny - Enterprise Services for OTRS
Product: OTRS Open Technology Real Services
Version: 3.1.8 and 3.1.9
Vendor Homepage: otrs.org
CVE: 2012-4600
Timeline:
22 Aug 2012: Vulnerability reported to vendor and CERT
23 Aug 2012: Response received from CERT and vendor
28 Aug 2012: Update from ven ...