Debian Security Advisory DSA 2733-1 (otrs2 - SQL injection)

It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs. OpenVAS Vulnerabili...

DSA-2733-1 otrs2 - SQL injection

Bulletin has no description...

CVE-2012-4751

Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC...

CVE-2012-4751

CVE-2012-4751 is an XSS vulnerability in Open Ticket Request System (OTRS) Help Desk. Affected are OTRS 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11. The issue arises from rendering an e-mail body where whitespace before a javascript: URL in the SRC attribute of an element (d...

CVE-2012-4751

Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC...

CVE-2012-4751

Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC...

OTRS 3.1 Stored XSS Vulnerability

CVE: 2012-4751 This vulnerability PoC is a follow up http://1337day.com/exploit/19298 !/usr/bin/python ''' Author: Mike Eduard - Znuny - Enterprise Services for OTRS Product: OTRS Open Technology Real Services Version: 3.1.8, 3.1.9 and 3.1.10 Vendor Homepage: http://otrs.org CVE: 2012-4751...