CVE-2010-4762 — Cross-site Scripting in Otrs

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

3.5LOWNVD

EPSS

0.1%

top 64.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Otrs2 Otrs

Timeline

PublishedMar 18

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the rich-text-editor component in Open Ticket Request System (OTRS) before 3.0.0-beta2 allows remote authenticated users to inject arbitrary web script or HTML by using the "source code" feature in the customer interface.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/otrs2< otrs2 3.0.8+dfsg1-1 (bullseye)

▶NVDotrs/otrs3.0.0+64

🔴Vulnerability Details

GHSA

GHSA-jfw9-x47c-g7w4: Cross-site scripting (XSS) vulnerability in the rich-text-editor component in Open Ticket Request System (OTRS) before 3↗2022-05-17

▶

OSV

CVE-2010-4762: Cross-site scripting (XSS) vulnerability in the rich-text-editor component in Open Ticket Request System (OTRS) before 3↗2011-03-18

▶

📋Vendor Advisories

Debian

CVE-2010-4762: otrs2 - Cross-site scripting (XSS) vulnerability in the rich-text-editor component in Op...↗2010

▶

💬Community

Bugzilla

CVE-2010-0438 CVE-2010-2080 CVE-2010-3476 CVE-2011-0456 otrs: multiple vulnerabilities [fedora-epel5]↗2010-09-20

▶