CVE-2013-2637
Summary
| CVE | CVE-2013-2637 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-02-12 17:15:00 UTC |
| Updated | 2020-02-18 20:11:00 UTC |
| Description | A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Opensuse | Opensuse | 12.2 | All | All | All |
| Operating System | Opensuse | Opensuse | 12.3 | All | All | All |
| Operating System | Opensuse | Opensuse | 12.2 | All | All | All |
| Operating System | Opensuse | Opensuse | 12.3 | All | All | All |
| Application | Otrs | Faq | All | All | All | All |
| Application | Otrs | Faq | All | All | All | All |
| Application | Otrs | Otrs Itsm | All | All | All | All |
| Application | Otrs | Otrs Itsm | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| OTRS ITSM/FAQ Module CVE-2013-2637 Multiple HTML Injection Vulnerabilities | MISC | www.securityfocus.com | Third Party Advisory, VDB Entry |
| OTRS FAQ Module - Persistent XSS | MISC | www.exploit-db.com | Exploit, Third Party Advisory, VDB Entry |
| openSUSE-SU-2013:1338-1: moderate: otrs: 3.1.18 update to fix security i | MISC | lists.opensuse.org | Mailing List, Third Party Advisory |
| IBM X-Force Exchange | MISC | exchange.xforce.ibmcloud.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.