PT-2023-26269 · Otrs · Otrs

Name of the Vulnerable Software and Affected Versions: OTRS versions 8.0.X through 8.0.34 Description: An improper privilege check in the OTRS ticket move action in the agent interface allows any authenticated attacker to perform a move of a ticket without the needed permission. Recommendations:...

Cross site scripting

Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions and place files in a directory with public 1 read or 2 execute access via a move action, aka ZEN-15386...

CVE-2014-1841

Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. dot dot in the src parameter...

XSS vulnerability in the "move" page action with html/js in the page name

There is an persistent xss vector in the 'move' page action on a page, where the javascript/html payload is included in the name of the page. Steps to reproduce: 1.create a page named: "''/'kasdfjas'dfasdf 2. on the page click on the "move" option under the tools drop-down menu 3. see an alert bo...

XSS vulnerability in the "move" page action with html/js in the page name

There is an persistent xss vector in the 'move' page action on a page, where the javascript/html payload is included in the name of the page. Steps to reproduce: 1.create a page named: "''/'kasdfjas'dfasdf 2. on the page click on the "move" option under the tools drop-down menu 3. see an alert bo...