ID de Prueba:	1.3.6.1.4.1.25623.1.0.801778
Categoría:	Web application abuses
Título:	OTRS Multiple XSS Vulnerabilities (OSA-2011-01)
Resumen:	Open Ticket Request System (OTRS) is prone to multiple; cross-site scripting (XSS) vulnerabilities.
Descripción:	Summary: Open Ticket Request System (OTRS) is prone to multiple cross-site scripting (XSS) vulnerabilities. Vulnerability Insight: The flaw is caused by improper validation of user-supplied input by multiple scripts. A remote attacker could exploit this vulnerability using various parameters in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site. Vulnerability Impact: Successful exploitation will allow attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site and steal cookie-based authentication credentials. Affected Software/OS: OTRS versions 2.4.x prior to 2.4.10 and 3.x prior to 3.0.7. Solution: Update to version 2.4.10, 3.0.7 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1518 BugTraq ID: 47323 http://www.securityfocus.com/bid/47323 Debian Security Information: DSA-2231 (Google Search) http://www.debian.org/security/2011/dsa-2231 http://www.osvdb.org/71790 http://secunia.com/advisories/44029 http://secunia.com/advisories/44479 SuSE Security Announcement: SUSE-SR:2011:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://www.vupen.com/english/advisories/2011/1186 XForce ISS Database: otrs-multiple-unspecified-xss(66698) https://exchange.xforce.ibmcloud.com/vulnerabilities/66698
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.