Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-2582: Cross-site Scripting in Otrs

Severity: 4.3 MEDIUM (NVD)
EPSS: 3.0% (top 13.52%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Aug 23
Latest update: May 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META elemen

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 2 packages

NVD: otrs/otrs_itsm, 17 versions (+16)
NVD: otrs/otrs, 37 versions (+36)

🔴 Vulnerability Details (3)

GHSA (2022-05-17): GHSA-74m7-9rv3-r9vp: Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2
CVEList (2012-08-23): CVE-2012-2582: Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2
OSV (2012-08-23): CVE-2012-2582: Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2

💥 Exploits & PoCs (1)

Exploit-DB (2012-08-08): OTRS Open Technology Real Services 3.1.4 - Persistent Cross-Site Scripting

📋 Vendor Advisories (1)

Debian (2012): CVE-2012-2582: otrs2 - Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request Syste...