CVE-2010-2080
Published 2010-09-20
Priority: P4 · 12 · low
CVSS 2.0: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
EPSS: 1.50% (71.1th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | otrs2 | < otrs2 2.4.8+dfsg1-1 (bullseye) | otrs2 2.4.8+dfsg1-1 (bullseye) |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
CVSS provenance
nvd: v2.0, 3.5 LOW, AV:N/AC:M/Au:S/C:N/I:P/A:N
osv: 3.5 LOW
vendor_debian: 3.5 LOW
Debian
CVE-2010-3476: otrs2 - Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does...
vendor_debian·2010·CVSS 3.5
CVE-2010-3476 [LOW]
Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080.
Scope: local
bullseye: resolved (fixed in 2.4.8+dfsg1-1)
Debian
CVE-2010-2080: otrs2 - Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request Syste...
vendor_debian·2010·CVSS 3.5
CVE-2010-2080 [LOW]
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Scope: local
bullseye: resolved (fixed in 2.4.8+dfsg1-1)
GHSA
GHSA-99jw-r98g-wv3r: Open Ticket Request System (OTRS) 2
ghsa_unreviewed·2022-05-17·CVSS 3.5
CVE-2010-3476 [LOW] CWE-20
Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080.
GHSA
GHSA-2j92-9gm3-m87q: Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2
ghsa_unreviewed·2022-05-17
CVE-2010-2080 [LOW] CWE-79
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
OSV
CVE-2010-3476: Open Ticket Request System (OTRS) 2
osv·2010-09-20·CVSS 3.5
CVE-2010-3476 [LOW]
Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080.
OSV
CVE-2010-2080: Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2
osv·2010-09-20·CVSS 3.5
CVE-2010-2080 [LOW]
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
No detection rules found.
Bugzilla
CVE-2009-5006 qpid: crash when redeclaring the exchange with specified alternate_exchange
bugzilla·2010-10-12·CVSS 4.0
CVE-2009-5006 [MEDIUM]
It was reported [1], [2] that Apache QPID would crash due to a NULL pointer dereference when a remote, authenticated user attempted to redeclare an existing exchange and add a new alternate exchange. This would result in a denial of service condition of the server. This was corrected upstream by r811188 [3].
[1] https://issues.apache.org/jira/browse/QPID-2080
[2] https://bugzilla.redhat.com/show_bug.cgi?id=517751
[3] http://svn.apache.org/viewvc?revision=811188&view=revision
Discussion:
This issue has been addressed in following products:
MRG for RHEL-5
Via RHSA-2010:0773 https://rhn.redhat.com/errata/RHSA-2010-0773.html
---
This issue has been addressed in following products:
Grid for MRG on
Bugzilla
CVE-2010-2080 CVE-2010-3476 otrs: multiple XSS vulnerabilities, DoS vulnerability
bugzilla·2010-09-20·CVSS 3.5
CVE-2010-2080 [LOW]
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2080 to
the following vulnerability:
Name: CVE-2010-2080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2080
Assigned: 20100526
Reference: CONFIRM: http://otrs.org/advisory/OSA-2010-02-en/
Reference: CONFIRM: http://security-tracker.debian.org/tracker/CVE-2010-2080
Reference: BID:43264
Reference: URL: http://www.securityfocus.com/bid/43264
Reference: SECUNIA:41381
Reference: URL: http://secunia.com/advisories/41381
Reference: XF:otrs-unspecified-xss(61868)
Reference: URL: http://xforce.iss.net/xforce/xfdb/61868
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket
Request System (OTRS) 2.3.x before 2.3.6 and 2.4.
Bugzilla
CVE-2010-0438 CVE-2010-2080 CVE-2010-3476 CVE-2011-0456 otrs: multiple vulnerabilities [fedora-epel5]
bugzilla·2010-09-20·CVSS 4.3
CVE-2010-0438 [MEDIUM]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=635845
Please note:
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://otrs.org/advisory/OSA-2010-02-en/
http://secunia.com/advisories/41381
http://security-tracker.debian.org/tracker/CVE-2010-2080
http://www.securityfocus.com/bid/43264
https://exchange.xforce.ibmcloud.com/vulnerabilities/61868
Published: 2010-09-20