CVE-2012-4751

NONECVSS 0.0

0.0

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element.

🔗 References (14)

cve@mitrehttp://lists.opensuse.org/opensuse-updates/2013-01/msg00036.html
cve@mitrehttp://packetstormsecurity.org/files/117504/OTRS-3.1-Cross-Site-Scripting.html
cve@mitrehttp://www.kb.cert.org/vuls/id/603276
cve@mitrehttp://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-03/
cve@mitrehttp://www.securityfocus.com/bid/56093
cve@mitrehttp://znuny.com/assets/proof_of_concept_cve_2012-4751-znuny.py
cve@mitrehttp://znuny.com/en/#%21/advisory/ZSA-2012-03
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-01/msg00036.html
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.org/files/117504/OTRS-3.1-Cross-Site-Scripting.html
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/603276
af854a3a-2127-422b-91ae-364da2661108http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-03/
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/56093
af854a3a-2127-422b-91ae-364da2661108http://znuny.com/assets/proof_of_concept_cve_2012-4751-znuny.py
af854a3a-2127-422b-91ae-364da2661108http://znuny.com/en/#%21/advisory/ZSA-2012-03

Is Your Infrastructure Affected by CVE-2012-4751?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-4751

📅 Published

🔄 Last Modified

🔗 References (14)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-4751?