CVE-2005-3894 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters.
Reference
http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html
http://marc.info/?l=bugtraq&m=113272360804853&w=2
http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt
http://otrs.org/advisory/OSA-2005-01-en/
http://secunia.com/advisories/17685/
http://secunia.com/advisories/18101
http://secunia.com/advisories/18887
http://securitytracker.com/id?1015262
http://www.debian.org/security/2006/dsa-973
http://www.novell.com/linux/security/advisories/2005_30_sr.html
http://www.osvdb.org/21067
http://www.securityfocus.com/bid/15537/
http://www.vupen.com/english/advisories/2005/2535
https://exchange.xforce.ibmcloud.com/vulnerabilities/23356
https://exchange.xforce.ibmcloud.com/vulnerabilities/23359