{"vuid":"VU#511404","idnumber":"511404","name":"Open Technology Real Services nested tags cross-site scripting vulnerability","keywords":["otrs","xss","cwe-79"],"overview":"Open Technology Real Services (OTRS) is susceptible to a cross-site scripting vulnerability when viewing HTML webpages with nested tags.","clean_desc":"Open Technology Real Services (OTRS) contains a cross-site scripting (CWE-79) vulnerability in the email body. An attacker may be able to load arbitrary script in the context of the user's browser when they view a specifically crafted email message containing an invalid HTML structure with nested tags. Proof-of-Concept: <s<script> ...</script><script>...<cript type=\"text/javascript\">\ndocument.write(\"Hello World!\"); alert('Mike was here!');; </s<script> //<cript> Additional details may be found in the OTRS advisory.","impact":"An attacker may be able to execute arbitrary script in the context of the user's browser.","resolution":"Apply an Update The OTRS advisory states: This vulnerability is fixed in OTRS 2.4.14, 3.0.16 and 3.1.10 and it is recommended to upgrade to one of these versions.","workarounds":"","sysaffected":"","thanks":"Thanks to Mike Eduard of Znuny GmbH for reporting this vulnerability.","author":"This document was written by Michael Orlando.","public":["http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2012-02/","http://cwe.mitre.org/data/definitions/79.html","http://znuny.com/en/#!/advisory/ZSA-2012-02"],"cveids":["CVE-2012-4600"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2012-08-23T01:09:27Z","publicdate":"2012-08-30T00:00:00Z","datefirstpublished":"2012-08-30T16:57:51Z","dateupdated":"2012-08-30T16:57:52Z","revision":9,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"H","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"C","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"6.1","cvss_basevector":"AV:N/AC:H/Au:N/C:P/I:C/A:N","cvss_temporalscore":"4.8","cvss_environmentalscore":"4.8","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}