Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-1695Cross-site Scripting in Otrs

CWE-79Cross-site Scripting5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
3.6%
top 12.16%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Debian Otrs2Otrs
Timeline
PublishedMar 1
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

debiandebian/otrs2< otrs2 3.3.5-1 (bullseye)
NVDotrs/otrs36 versions+35

🔴Vulnerability Details

2
GHSA
GHSA-wf4h-3v2j-2xw9: Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 32022-05-17
OSV
CVE-2014-1695: Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 32014-03-01

💥Exploits & PoCs

1
Exploit-DB
OTRS < 3.1.x / < 3.2.x / < 3.3.x - Persistent Cross-Site Scripting2015-04-27

📋Vendor Advisories

1
Debian
CVE-2014-1695: otrs2 - Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3....2014
CVE-2014-1695 — Cross-site Scripting in Otrs | cvebase