EUVD-2017-18235

Malware in sbrugna...

Open Ticket Request System Cross-Site Scripting Vulnerability

Open Ticket Request System OTRS is an open source defect tracking and management system software from the German OTRS Group. The software categorizes service requests submitted through various channels such as phone calls, emails, etc. into different queues and service levels, and the service...

Design/Logic Flaw

Open Ticket Request System OTRS 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=XSS and Direction=XSS attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is n...

CVE-2017-9299

Open Ticket Request System OTRS 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=XSS and Direction=XSS attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is n...

CVE-2017-9299

Open Ticket Request System OTRS 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=XSS and Direction=XSS attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is n...

CVE-2017-9299

CVE-2017-9299 concerns Open Ticket Request System (OTRS) 3.3.9 with a cross-site scripting vulnerability in the web interface. The vulnerable vector is the index.pl?Action=AgentStats requests, exploitable via crafted OrderBy and Direction parameters to inject script or HTML. The vulnerability is ...

CVE-2017-9299

Open Ticket Request System OTRS 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=XSS and Direction=XSS attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is n...