CVE

Id
55825  
CVE No.
CVE-2012-2582  
Status
Candidate  
Description
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.  
Phase
Assigned (20120509)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
581011 55825 CVE-2012-2582 CONFIRM:http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-01/  View
581012 55825 CVE-2012-2582 DEBIAN:DSA-2536  View
581013 55825 CVE-2012-2582 URL:http://www.debian.org/security/2012/dsa-2536  View
581014 55825 CVE-2012-2582 SUSE:openSUSE-SU-2012:1105  View
581015 55825 CVE-2012-2582 URL:http://lists.opensuse.org/opensuse-updates/2012-09/msg00024.html  View
581016 55825 CVE-2012-2582 CERT-VN:VU#582879  View
581017 55825 CVE-2012-2582 URL:http://www.kb.cert.org/vuls/id/582879  View
581018 55825 CVE-2012-2582 SECUNIA:50513  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
27850 JVNDB-2012-003557 AfterLogic MailSuite Pro におけるクロスサイトスクリプティングの脆弱性 AfterLogic MailSuite Pro には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2012-2587 55825 4.3 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003557.html  View