Open Technology Real Services cross-site scripting vulnerability

2012-08-2200:00:00

www.kb.cert.org

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.7%

JSON

Overview

Open Technology Real Services (OTRS) is susceptible to a cross-site scripting vulnerability.

Description

Open Technology Real Services (OTRS) contains a cross-site scripting (CWE-79) vulnerability in the email body. An attacker may be able to load arbitrary script in the context of the user’s browser when they view a specifically crafted email message.

Proof-of-Concept:

* `<div>`
* `exp/*&lt;XSS STYLE='no\xss:noxss("*//*");xss:&#101;x&#x2F;*XSS*//*/*/pression(alert("XSS"))'&gt;`
* `<img>`
* `&lt;XSS STYLE="xss:expression(alert('XSS'))"&gt;`
* `&lt;HEAD&gt;&lt;META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"&gt; &lt;/HEAD&gt;+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-`

Additional details may be found in the OTRS advisory.

Impact

An attacker may be able to execute arbitrary script in the context of the user’s browser.

Solution

Apply an Update
The OTRS advisory states:
_This vulnerability is fixed in OTRS 2.4.13, 3.0.15 and 3.1.9 as well as in in OTRS::ITSM 3.1.6, 3.0.6 and 2.1.5. and it is recommended to upgrade to one of these versions. _