Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2007-2524 — Cross-site Scripting in Otrs2
Severity: 4.3 MEDIUM (NVD)
EPSS: 5.8% (top 9.47%)
CISA KEV: Not in KEV
Exploit: PoC available
Affected products
Timeline
Published: May 8
Latest update: May 1
Description
Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, but the proper identifier for the ipsec-tools issue is CVE-2007-1841.
CVSS vector
AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9
Affected Packages: 2 packages
Vulnerability Details (2)
Exploits & PoCs (1)
Vendor Advisories (1)
Debian: CVE-2007-2524: otrs2 - Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request Syst... (2007)