5 matches found
Design/Logic Flaw
Open Ticket Request System OTRS 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=XSS and Direction=XSS attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is n...
CVE-2017-9299
Open Ticket Request System OTRS 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=XSS and Direction=XSS attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is n...
CVE-2017-9299
Open Ticket Request System OTRS 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=XSS and Direction=XSS attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is n...
CVE-2017-9299
Open Ticket Request System OTRS 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=XSS and Direction=XSS attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is n...
CVE-2017-9299
CVE-2017-9299 concerns Open Ticket Request System (OTRS) 3.3.9 with a cross-site scripting vulnerability in the web interface. The vulnerable vector is the index.pl?Action=AgentStats requests, exploitable via crafted OrderBy and Direction parameters to inject script or HTML. The vulnerability is ...