{"api_version":"1","generated_at":"2026-04-23T01:31:47+00:00","cve":"CVE-2013-2637","urls":{"html":"https://cve.report/CVE-2013-2637","api":"https://cve.report/api/cve/CVE-2013-2637.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2013-2637","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2013-2637"},"summary":{"title":"CVE-2013-2637","description":"A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2020-02-12 17:15:00","updated_at":"2020-02-18 20:11:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/58930","name":"http://www.securityfocus.com/bid/58930","refsource":"MISC","tags":["Third Party Advisory","VDB Entry"],"title":"OTRS ITSM/FAQ Module CVE-2013-2637 Multiple HTML Injection Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.exploit-db.com/exploits/24922","name":"http://www.exploit-db.com/exploits/24922","refsource":"MISC","tags":["Exploit","Third Party Advisory","VDB Entry"],"title":"OTRS FAQ Module - Persistent XSS","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html","name":"http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html","refsource":"MISC","tags":["Mailing List","Third Party Advisory"],"title":"openSUSE-SU-2013:1338-1: moderate: otrs: 3.1.18 update to fix security i","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/83288","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/83288","refsource":"MISC","tags":["Third Party Advisory","VDB Entry"],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2013-2637","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2637","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2013","cve_id":"2637","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"opensuse","cpe6":"12.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2637","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"opensuse","cpe6":"12.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2637","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"opensuse","cpe6":"12.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2637","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"opensuse","cpe6":"12.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2637","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"otrs","cpe5":"faq","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2637","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"otrs","cpe5":"faq","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2637","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"otrs","cpe5":"otrs_itsm","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"2637","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"otrs","cpe5":"otrs_itsm","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2013-2637","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html","refsource":"MISC","name":"http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html"},{"url":"http://www.securityfocus.com/bid/58930","refsource":"MISC","name":"http://www.securityfocus.com/bid/58930"},{"url":"http://www.exploit-db.com/exploits/24922","refsource":"MISC","name":"http://www.exploit-db.com/exploits/24922"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/83288","refsource":"MISC","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/83288"}]}},"nvd":{"publishedDate":"2020-02-12 17:15:00","lastModifiedDate":"2020-02-18 20:11:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1.0","versionEndExcluding":"3.1.8","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:otrs:faq:*:*:*:*:*:*:*:*","versionStartIncluding":"2.1.0","versionEndExcluding":"2.1.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:otrs:faq:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0.8","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2.0","versionEndExcluding":"3.2.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*","versionEndExcluding":"3.0.7","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2013","CveId":"2637","Ordinal":"62280","Title":"CVE-2013-2637","CVE":"CVE-2013-2637","Year":"2013"},"notes":[{"CveYear":"2013","CveId":"2637","Ordinal":"1","NoteData":"A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.","Type":"Description","Title":null},{"CveYear":"2013","CveId":"2637","Ordinal":"2","NoteData":"2020-02-12","Type":"Other","Title":"Published"},{"CveYear":"2013","CveId":"2637","Ordinal":"3","NoteData":"2020-02-12","Type":"Other","Title":"Modified"}]}}}