Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OTRS | OTRS | 2.4.0 |
| OTRS | OTRS ITSM | 2.1.0 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-updates/2012-09/msg00024.html
- http://secunia.com/advisories/50513
- http://www.debian.org/security/2012/dsa-2536
- http://www.kb.cert.org/vuls/id/582879 (Exploit, US Government Resource)
- http://www.otrs.com/en/open-source/community-news/security-advisories/security-a (Vendor Advisory)
FAQ
What is CVE-2012-2582?
CVE-2012-2582 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3...
How severe is CVE-2012-2582?
CVE-2012-2582 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-2582?
Check the references section above for vendor advisories and patch information. Affected products include: OTRS, OTRS ITSM.