CVE-2012-2582

2012-08-2310:32:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-2582

cross-site scripting

xss

otrs help desk

otrs itsm

security vulnerability

5.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV=“CONTENT-TYPE” META element.

CPENameOperatorVersion
otrs:otrsotrseq2.4.0
otrs:otrsotrseq2.4.1
otrs:otrsotrseq2.4.10
otrs:otrsotrseq2.4.5
otrs:otrsotrseq2.4.12
otrs:otrsotrseq2.4.6
otrs:otrsotrseq2.4.9
otrs:otrsotrseq2.4.3
otrs:otrsotrseq2.4.11
otrs:otrsotrseq2.4.4

CPE	Name	Operator	Version
otrs:otrs	otrs	eq	2.4.0
otrs:otrs	otrs	eq	2.4.1
otrs:otrs	otrs	eq	2.4.10
otrs:otrs	otrs	eq	2.4.5
otrs:otrs	otrs	eq	2.4.12
otrs:otrs	otrs	eq	2.4.6
otrs:otrs	otrs	eq	2.4.9
otrs:otrs	otrs	eq	2.4.3
otrs:otrs	otrs	eq	2.4.11
otrs:otrs	otrs	eq	2.4.4