Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2012-4751 — Cross-site Scripting in Otrs
Severity
4.3MEDIUMNVD
EPSS
5.6%
top 9.71%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedOct 22
Latest updateMay 14
Description
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element.
CVSS vector
AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9
Affected Packages2 packages
🔴Vulnerability Details
2💥Exploits & PoCs
2📋Vendor Advisories
1Debian▶
CVE-2012-4751: otrs2 - Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) He...↗2012