Lucene search

K

PRIOn knowledge basePRION:CVE-2007-2524

HistoryMay 08, 2007 - 11:19 p.m.

Cross site scripting

2007-05-0823:19:00

PRIOn knowledge base

www.prio-n.com

5

5.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.017 Low

EPSS

Percentile

87.4%

Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, but the proper identifier for the ipsec-tools issue is CVE-2007-1841.

CPENameOperatorVersion
otrseq2.0.4

References

osvdb.org/35821

osvdb.org/35822

secunia.com/advisories/25205

secunia.com/advisories/25419

secunia.com/advisories/25787

securityreason.com/securityalert/2668

www.debian.org/security/2007/dsa-1298

www.novell.com/linux/security/advisories/2007_13_sr.html

www.securityfocus.com/archive/1/467870/100/0/threaded

www.securityfocus.com/archive/1/471192/100/0/threaded

www.securityfocus.com/bid/23862

www.virtuax.be/?page=library&id=35&type=Exploits

www.vupen.com/english/advisories/2007/1698

exchange.xforce.ibmcloud.com/vulnerabilities/34164

5.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.017 Low

EPSS

Percentile

87.4%

Related for PRION:CVE-2007-2524

ubuntucve2 cve2 debiancve2 nessus15 openvas16 prion1 securityvulns4 centos1 ubuntu1 gentoo1 osv2 debian2 oraclelinux1 redhat1 fedora1