
CVE-2014-2554 – Mandriva Linux Security Advisory 2014-111
https://notcve.org/view.php?id=CVE-2014-2554
23 Apr 2014 — OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element. A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS. An attacker could embed OTRS in a hidden iframe tag of another page, tr... • http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html • CWE-20: Improper Input Validation

CVE-2014-2553 – Mandriva Linux Security Advisory 2014-111
https://notcve.org/view.php?id=CVE-2014-2553
02 Apr 2014 — Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields. • http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-1695 – OTRS < 3.1.x / < 3.2.x / < 3.3.x - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-1695
28 Feb 2014 — Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email. An attacker could send a specially prepare... • https://packetstorm.news/files/id/131654 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')