Lucene search
HistoryApr 02, 2014 - 4:05 p.m.
CVE-2014-2553
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
5.1
Confidence
High
EPSS
0.001
Percentile
39.8%
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields.
Affected configurations
Node
otrsotrsMatch3.2.0
ORotrsotrsMatch3.2.0beta1
ORotrsotrsMatch3.2.0beta2
ORotrsotrsMatch3.2.0beta3
ORotrsotrsMatch3.2.0beta4
ORotrsotrsMatch3.2.0beta5
ORotrsotrsMatch3.2.0rc1
ORotrsotrsMatch3.2.1
ORotrsotrsMatch3.2.2
ORotrsotrsMatch3.2.3
ORotrsotrsMatch3.2.4
ORotrsotrsMatch3.2.5
ORotrsotrsMatch3.2.6
ORotrsotrsMatch3.2.7
ORotrsotrsMatch3.2.8
ORotrsotrsMatch3.2.9
ORotrsotrsMatch3.2.10
ORotrsotrsMatch3.2.11
ORotrsotrsMatch3.2.12
ORotrsotrsMatch3.2.13
ORotrsotrsMatch3.2.14
ORotrsotrsMatch3.2.15
Node
otrsotrsMatch3.3.0
ORotrsotrsMatch3.3.0beta1
ORotrsotrsMatch3.3.0beta2
ORotrsotrsMatch3.3.0beta3
ORotrsotrsMatch3.3.0beta4
ORotrsotrsMatch3.3.0beta5
ORotrsotrsMatch3.3.0rc1
ORotrsotrsMatch3.3.1
ORotrsotrsMatch3.3.2
ORotrsotrsMatch3.3.3
ORotrsotrsMatch3.3.4
ORotrsotrsMatch3.3.5
Node
otrsotrsMatch3.1.0
ORotrsotrsMatch3.1.1
ORotrsotrsMatch3.1.2
ORotrsotrsMatch3.1.3
ORotrsotrsMatch3.1.4
ORotrsotrsMatch3.1.5
ORotrsotrsMatch3.1.6
ORotrsotrsMatch3.1.7
ORotrsotrsMatch3.1.8
ORotrsotrsMatch3.1.9
ORotrsotrsMatch3.1.10
ORotrsotrsMatch3.1.11
ORotrsotrsMatch3.1.13
ORotrsotrsMatch3.1.14
ORotrsotrsMatch3.1.15
ORotrsotrsMatch3.1.16
ORotrsotrsMatch3.1.17
ORotrsotrsMatch3.1.18
ORotrsotrsMatch3.1.19
ORotrsotrsMatch3.1.20
| Vendor | Product | Version | CPE |
|---|---|---|---|
| otrs | otrs | 3.2.0 | cpe:2.3:a:otrs:otrs:3.2.0:*:*:*:*:*:*:* |
| otrs | otrs | 3.2.0 | cpe:2.3:a:otrs:otrs:3.2.0:beta1:*:*:*:*:*:* |
| otrs | otrs | 3.2.0 | cpe:2.3:a:otrs:otrs:3.2.0:beta2:*:*:*:*:*:* |
| otrs | otrs | 3.2.0 | cpe:2.3:a:otrs:otrs:3.2.0:beta3:*:*:*:*:*:* |
| otrs | otrs | 3.2.0 | cpe:2.3:a:otrs:otrs:3.2.0:beta4:*:*:*:*:*:* |
| otrs | otrs | 3.2.0 | cpe:2.3:a:otrs:otrs:3.2.0:beta5:*:*:*:*:*:* |
| otrs | otrs | 3.2.0 | cpe:2.3:a:otrs:otrs:3.2.0:rc1:*:*:*:*:*:* |
| otrs | otrs | 3.2.1 | cpe:2.3:a:otrs:otrs:3.2.1:*:*:*:*:*:*:* |
| otrs | otrs | 3.2.2 | cpe:2.3:a:otrs:otrs:3.2.2:*:*:*:*:*:*:* |
| otrs | otrs | 3.2.3 | cpe:2.3:a:otrs:otrs:3.2.3:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2014-2553
2014-04-02 16:05:57
cvelist
cvelist
CVE-2014-2553
2014-04-02 14:00:00
prion
prion
Cross site scripting
2014-04-02 16:05:00
debiancve
debiancve
CVE-2014-2553
2014-04-02 16:05:57
seebug
seebug
OTRS Help Deskθ·¨η«θζ¬ζΌζ΄
2014-04-02 00:00:00
ubuntucve
ubuntucve
CVE-2014-2553
2014-04-02 00:00:00
nessus
nessus
openSUSE Security Update : otrs (openSUSE-SU-2014:0561-1)
2014-06-13 00:00:00
Mandriva Linux Security Advisory : otrs (MDVSA-2014:111)
2014-06-10 00:00:00
Debian DLA-1119-1 : otrs2 security update
2017-10-02 00:00:00
securityvulns
securityvulns
[ MDVSA-2014:111 ] otrs
2014-06-14 00:00:00
openvas
openvas
OTRS Help Desk Cross Site Scripting/Clickjacking Vulnerability
2014-04-03 00:00:00
OTRS Help Desk 3.1.x < 3.1.21, 3.2.x < 3.2.16, 3.3.x < 3.3.6 Multiple Vulnerabilities
2014-04-07 00:00:00
Mageia: Security Advisory (MGASA-2014-0194)
2022-01-28 00:00:00
mageia
mageia
Updated otrs packages fix multiple vulnerabilities
2014-04-24 23:11:34
osv
osv
otrs2 - security update
2017-09-30 00:00:00
otrs-3.3.16-37.1 on GA media
2024-06-15 00:00:00
debian
debian
[SECURITY] [DLA 1119-1] otrs2 security update
2017-09-30 19:35:53
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
5.1
Confidence
High
EPSS
0.001
Percentile
39.8%
Related for NVD:CVE-2014-2553