Published: 12/02/2020 Updated: 18/02/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM before 3.2.4, 3.1.8, and 3.0.7 and FAQ before 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.

Vulnerable Product	Search on Vulmon	Subscribe to Product
otrs faq
otrs otrs itsm
opensuse opensuse 12.2
opensuse opensuse 12.3

# Exploit Title: [OTRS Faq Module - Persistent XSS] # Date: [2-Apr-2013] # Exploit Author: [Luigi Vezzoso] # Vendor Homepage: [wwwotrscom] # Version: [OTRS ITSM 32x,OTRS ITSM 31x,OTRS ITSM 30x] # Tested on: [Perl] # CVE : [CVE-2013-2637] #OVERVIEW The OTRS ITSM FAQ Module 32x and below is vulnerable to a persistant XSS that perm ...

The OTRS FAQ module suffers from a cross site scripting vulnerability ...

CWE-79 http://www.securityfocus.com/bid/58930 https://exchange.xforce.ibmcloud.com/vulnerabilities/83288 http://www.exploit-db.com/exploits/24922 http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html https://nvd.nist.gov https://www.exploit-db.com/exploits/24922/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-2637

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect