Vulnerability Description
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OTRS | FAQ | < 2.0.8 |
| OTRS | OTRS ITSM | < 3.0.7 |
| openSUSE | openSUSE | 12.2 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html (Mailing List, Third Party Advisory)
- http://www.exploit-db.com/exploits/24922 (Exploit, Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/bid/58930 (Third Party Advisory, VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83288 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2013-2637?
CVE-2013-2637 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remot...
How severe is CVE-2013-2637?
CVE-2013-2637 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-2637?
Check the references section above for vendor advisories and patch information. Affected products include: OTRS FAQ, OTRS ITSM, and openSUSE.