CVE-2010-2080: Cross-site Scripting in Otrs

Severity
5.0 MEDIUM (NVD)
NVD 3.5, OSV 3.5
EPSS
0.2%
top 55.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 20
Latest update: May 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 6.8 | Impact: 2.9

Affected Packages (2 packages)

debian: debian/otrs2 < otrs2 2.4.8+dfsg1-1 (bullseye)
NVD: otrs/otrs, 12 versions (+11)

🔴 Vulnerability Details (4)

GHSA: GHSA-99jw-r98g-wv3r: Open Ticket Request System (OTRS) 2 (2022-05-17)
GHSA: GHSA-2j92-9gm3-m87q: Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2 (2022-05-17)
OSV: CVE-2010-3476: Open Ticket Request System (OTRS) 2 (2010-09-20)
OSV: CVE-2010-2080: Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2 (2010-09-20)

💥 Exploits & PoCs (1)

Exploit-DB: IBM OmniFind - Buffer Overflow (2010-11-09)

📋 Vendor Advisories (2)

Debian: CVE-2010-3476: otrs2 - Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does... (2010)
Debian: CVE-2010-2080: otrs2 - Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request Syste... (2010)

💬 Community (3)

Bugzilla: CVE-2009-5006 qpid: crash when redeclaring the exchange with specified alternate_exchange (2010-10-12)
Bugzilla: CVE-2010-2080 CVE-2010-3476 otrs: multiple XSS vulnerabilities, DoS vulnerability (2010-09-20)
Bugzilla: CVE-2010-0438 CVE-2010-2080 CVE-2010-3476 CVE-2011-0456 otrs: multiple vulnerabilities [fedora-epel5] (2010-09-20)