CVE-2005-3894 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2005-3894
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-3894

Description: Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/23356 http://xforce.iss.net/xforce/xfdb/23359 SUSE http://www.novell.com/linux/security/advisories/2005_30_sr.html ST 1015262 SAID Secunia Advisory: SA18887 Secunia Advisory: SA18101 Secunia Advisory: SA17685 OSVDB 21067 MISC http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html DEBIAN http://www.debian.org/security/2006/dsa-973 CONFIRM http://otrs.org/advisory/OSA-2005-01-en/ BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=113272360804853&w=2 BID 15537

Return to the previous page.