CVE-2014-2554
https://notcve.org/view.php?id=CVE-2014-2554
OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element. OTRS 3.1.x anterior a 3.1.21, 3.2.x anterior a 3.2.16 y 3.3.x anterior a 3.3.6 permite a atacantes remotos realizar ataques de clickjacking a través de un elemento IFRAME. • http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html http://www.otrs.com/security-advisory-2014-05-clickjacking-issue • CWE-20: Improper Input Validation •
CVE-2014-2553
https://notcve.org/view.php?id=CVE-2014-2553
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields. Vulnerabilidad de XSS en Open Ticket Request System (OTRS) 3.1.x anterior a 3.1.21, 3.2.x anterior a 3.2.16 y 3.3.x anterior a 3.3.6 permite a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a través de vectores relacionados con campos dinámicos. • http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html http://secunia.com/advisories/57616 https://www.otrs.com/security-advisory-2014-04-xss-issue • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-1695 – OTRS < 3.1.x / < 3.2.x / < 3.3.x - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-1695
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email. Vulnerabilidad de XSS en Open Ticket Request System (OTRS) 3.1.x anterior a 3.1.20, 3.2.x anterior a 3.2.15 y 3.3.x anterior a 3.3.5 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de un email HTML manipulado. OTRS versions 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 suffer from a persistent cross site scripting vulnerability. • https://www.exploit-db.com/exploits/36842 http://adamziaja.com/poc/201401-xss-otrs.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00030.html http://packetstormsecurity.com/files/131654/OTRS-3.x-Cross-Site-Scripting.html http://secunia.com/advisories/57018 http://www.osvdb.org/103781 http://www.securityfocus.com/bid/65844 https://www.otrs.com/security-advisory-2014-03-xss-issue • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •