Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-4600Cross-site Scripting in Otrs

CWE-79Cross-site Scripting7 documents6 sources
Severity
2.6LOWNVD
EPSS
6.9%
top 8.55%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Debian Otrs2OtrsOtrs Itsm
Timeline
PublishedAug 31
Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages3 packages

debiandebian/otrs2< otrs2 3.1.7+dfsg1-5 (bullseye)
NVDotrs/otrs40 versions+39
NVDotrs/otrs_itsm7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-wx2x-284c-86m6: Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 22022-05-14
OSV
CVE-2012-4600: Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 22012-08-31

💥Exploits & PoCs

2
Exploit-DB
OTRS 3.1 - Persistent Cross-Site Scripting2012-10-18
Exploit-DB
OTRS Open Technology Real Services 3.1.8/3.1.9 - Cross-Site Scripting2012-08-31

📋Vendor Advisories

2
Debian
CVE-2012-4600: otrs2 - Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) He...2012
Red Hat
libvirt: unintended firewall port exposure after restarting libvirtd when defining a bridged forward-mode network2011-12-09
CVE-2012-4600 — Cross-site Scripting in Otrs | cvebase