FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-4751

This CVE name corresponds to:

Entered     Topic
2013-02-25  otrs -- XSS vulnerability could lead to remote code execution
2012-12-30  otrs -- XSS vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2012-4751
Phase  Assigned (20120904)

Description

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element.

References

Source   Reference
MISC     http://packetstormsecurity.org/files/117504/OTRS-3.1-Cross-Site-Scripting.html
CONFIRM  http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-03/
CONFIRM  http://znuny.com/assets/proof_of_concept_cve_2012-4751-znuny.py
CONFIRM  http://znuny.com/en/#!/advisory/ZSA-2012-03
SUSE     openSUSE-SU-2013:0145
CERT-VN  VU#603276
BID      56093