ID de Prueba:	1.3.6.1.4.1.25623.1.0.803937
Categoría:	Web application abuses
Título:	OTRS ITSM 'Body' Field HTML Injection Vulnerability (OSA-2012-01)
Resumen:	OTRS (Open Ticket Request System) or OTRS:ITSM is prone to HTML injection vulnerability.
Descripción:	Summary: OTRS (Open Ticket Request System) or OTRS:ITSM is prone to HTML injection vulnerability. Vulnerability Insight: An error exists in application which fails to properly sanitize user-supplied input before using it. Vulnerability Impact: Successful exploitation will allow remote attackers to inject arbitrary web script or HTML via an e-mail message body. Affected Software/OS: OTRS (Open Ticket Request System) version 2.4.x up to and including 2.4.12, 3.0.x up to and including 3.0.14 and 3.1.x up to and including 3.1.8 OTRS::ITSM 3.1.0 up to and including 3.1.5, 3.0.0 up to and including 3.0.5 and 2.1.0 up to and including 2.1.4 Solution: Upgrade to OTRS (Open Ticket Request System) version 2.4.13, 3.0.15 and 3.1.9 or later, and OTRS::ITSM version 3.1.6, 3.0.6 and 2.1.5 or apply the patch from the referenced vendor advisory. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2582 CERT/CC vulnerability note: VU#582879 http://www.kb.cert.org/vuls/id/582879 Debian Security Information: DSA-2536 (Google Search) http://www.debian.org/security/2012/dsa-2536 http://secunia.com/advisories/50513 SuSE Security Announcement: openSUSE-SU-2012:1105 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-09/msg00024.html
Copyright	Copyright (C) 2013 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.