CVE-2005-3894: XSS
First published: Tue Nov 29 2005(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OTRS | =1.0.0 | |
| OTRS | =1.3.2 | |
| OTRS | =2.0.0 | |
| OTRS | =2.0.1 | |
| OTRS | =2.0.2 | |
| OTRS | =2.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt
- http://otrs.org/advisory/OSA-2005-01-en/
- http://www.securityfocus.com/bid/15537/
- http://secunia.com/advisories/17685/
- http://www.osvdb.org/21067
- http://securitytracker.com/id?1015262
- http://www.novell.com/linux/security/advisories/2005_30_sr.html
- http://secunia.com/advisories/18101
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html
- http://www.debian.org/security/2006/dsa-973
- http://secunia.com/advisories/18887
- http://www.vupen.com/english/advisories/2005/2535
- http://marc.info/?l=bugtraq&m=113272360804853&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23359
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23356
Frequently Asked Questions
What is the severity of CVE-2005-3894?
CVE-2005-3894 is classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2005-3894?
To fix CVE-2005-3894, upgrade OTRS to version 2.0.4 or later where the vulnerabilities have been addressed.
Which versions of OTRS are affected by CVE-2005-3894?
CVE-2005-3894 affects OTRS versions 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3.
What types of attacks can be executed due to CVE-2005-3894?
CVE-2005-3894 allows remote authenticated users to perform cross-site scripting, potentially injecting arbitrary web scripts or HTML.
Who is impacted by CVE-2005-3894?
Remote authenticated users of the affected OTRS versions are impacted by CVE-2005-3894.
- agent/softwarecombine
- agent/remedy
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/otrs
- product/otrs
- canonical/otrs otrs
- canonical/otrs
- version/otrs/1.0.0
- version/otrs/1.3.2
- version/otrs/2.0.0
- version/otrs/2.0.1
- version/otrs/2.0.2
- version/otrs/2.0.3