First published: Thu Aug 23 2012
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.
Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
OTRS | =2.4.0-beta1 | |
OTRS | =2.4.0-beta2 | |
OTRS | =2.4.0-beta3 | |
OTRS | =2.4.0-beta4 | |
OTRS | =2.4.0-beta5 | |
OTRS | =2.4.0-beta6 | |
OTRS | =2.4.1 | |
OTRS | =2.4.2 | |
OTRS | =2.4.3 | |
OTRS | =2.4.4 | |
OTRS | =2.4.5 | |
OTRS | =2.4.6 | |
OTRS | =2.4.7 | |
OTRS | =2.4.8 | |
OTRS | =2.4.9 | |
OTRS | =2.4.10 | |
OTRS | =2.4.11 | |
OTRS | =2.4.12 | |
OTRS | =3.0.0-beta1 | |
OTRS | =3.0.0-beta2 | |
OTRS | =3.0.0-beta3 | |
OTRS | =3.0.0-beta4 | |
OTRS | =3.0.0-beta5 | |
OTRS | =3.0.0-beta6 | |
OTRS | =3.0.0-beta7 | |
OTRS | =3.0.1 | |
OTRS | =3.0.2 | |
OTRS | =3.0.3 | |
OTRS | =3.0.4 | |
OTRS | =3.0.5 | |
OTRS | =3.0.6 | |
OTRS | =3.0.7 | |
OTRS | =3.0.8 | |
OTRS | =3.0.9 | |
OTRS | =3.0.10 | |
OTRS | =3.0.11 | |
OTRS | =3.0.12 | |
OTRS | =3.0.13 | |
OTRS | =3.0.14 | |
OTRS | =3.1.0 | |
OTRS | =3.1.1 | |
OTRS | =3.1.2 | |
OTRS | =3.1.3 | |
OTRS | =3.1.4 | |
OTRS | =3.1.5 | |
OTRS | =3.1.6 | |
OTRS | =3.1.7 | |
OTRS | =3.1.8 | |
OTRS | =2.1.0 | |
OTRS | =2.1.1 | |
OTRS | =2.1.2 | |
OTRS | =2.1.3 | |
OTRS | =2.1.4 | |
OTRS | =3.0.0 | |
OTRS | =3.0.1 | |
OTRS | =3.0.2 | |
OTRS | =3.0.3 | |
OTRS | =3.0.4 | |
OTRS | =3.0.5 | |
OTRS | =3.1.0 | |
OTRS | =3.1.1 | |
OTRS | =3.1.2 | |
OTRS | =3.1.3 | |
OTRS | =3.1.4 | |
OTRS | =3.1.5 | |
CVE-2012-2582 allows remote attackers to inject arbitrary web scripts into vulnerable OTRS applications, potentially compromising user data and session integrity.
To mitigate CVE-2012-2582, you should upgrade to OTRS versions 2.4.13 or later, 3.0.15 or later, or 3.1.9 or later.
CVE-2012-2582 affects OTRS Help Desk 2.4.x prior to 2.4.13, 3.0.x prior to 3.0.15, and 3.1.x prior to 3.1.9, and OTRS ITSM 2.1.x prior to 2.1.5, 3.0.x prior to 3.0.6, and 3.1.x prior to 3.1.6.
Yes, CVE-2012-2582 is considered a critical vulnerability due to its ability to allow XSS attacks.
CVE-2012-2582 is categorized as a cross-site scripting (XSS) vulnerability.
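The description above names two injection vectors in HTML e-mail bodies: a CSS expression property in a STYLE attribute and a UTF-7 charset declared in an HTTP-EQUIV="CONTENT-TYPE" META element. The following is an added example, not code from the advisory or from OTRS: a heuristic check a mail gateway or triage script could run over an HTML body before it is rendered. The names `MailHtmlAuditor` and `audit_mail_html` and the sample bodies are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# CSS comments can split the keyword (ex/**/pression), so they are removed
# before matching. Assumption: CSS backslash escapes are NOT decoded here.
_CSS_COMMENT = re.compile(r"/\*.*?\*/", re.S)
_EXPRESSION = re.compile(r"expression\s*\(", re.I)
_UTF7 = re.compile(r"charset\s*=\s*[\"']?\s*utf-7", re.I)


class MailHtmlAuditor(HTMLParser):
    """Records which of the two advisory vectors appear in an HTML body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases names and decodes entities in attribute values,
        # so "&#101;xpression(" is seen here as "expression(".
        a = {name: (value or "") for name, value in attrs}
        style = _CSS_COMMENT.sub("", a.get("style", ""))
        if _EXPRESSION.search(style):
            self.findings.append(("css-expression", tag))
        if (tag == "meta"
                and a.get("http-equiv", "").strip().lower() == "content-type"
                and _UTF7.search(a.get("content", ""))):
            self.findings.append(("utf7-meta", tag))


def audit_mail_html(html_body):
    """Return a list of (finding, tag) tuples; an empty list means no match."""
    auditor = MailHtmlAuditor()
    auditor.feed(html_body)
    auditor.close()
    return auditor.findings


# Constructed sample bodies (inert markers only, no script content).
SAMPLE_STYLE = '<div style="width: ex/**/pression(1)">hello</div>'
SAMPLE_ENTITY = '<span STYLE="width:&#101;xpression(1)">x</span>'
SAMPLE_META = '<meta http-equiv="Content-Type" content="text/html; charset=UTF-7"/>'
SAMPLE_CLEAN = ('<meta http-equiv="Content-Type" content="text/html; charset=utf-8">'
                '<p style="color: red">Ticket update</p>')

if __name__ == "__main__":
    for body in (SAMPLE_STYLE, SAMPLE_ENTITY, SAMPLE_META, SAMPLE_CLEAN):
        print(audit_mail_html(body) or "clean")
```

A match is a reason to quarantine or strip the element, not a substitute for upgrading to the fixed releases listed above.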