exp/*\n\n\n +ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-\nAdditional details may be found in the OTRS advisory.","impact":"An attacker may be able to execute arbitrary script in the context of the user's browser.","resolution":"Apply an Update\nThe OTRS advisory states: This vulnerability is fixed in OTRS 2.4.13, 3.0.15 and 3.1.9 as well as in in OTRS::ITSM 3.1.6, 3.0.6 and 2.1.5. and it is recommended to upgrade to one of these versions.","workarounds":"","sysaffected":"","thanks":"Thanks to Devon Kearns of Offensive Security for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-01/","http://cwe.mitre.org/data/definitions/79.html"],"cveids":["CVE-2012-2582"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2012-05-30T12:17:18Z","publicdate":"2012-08-22T00:00:00Z","datefirstpublished":"2012-08-22T12:05:58Z","dateupdated":"2012-08-22T12:05:59Z","revision":10,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"H","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"C","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"6.1","cvss_basevector":"AV:N/AC:H/Au:N/C:P/I:C/A:N","cvss_temporalscore":"4.8","cvss_environmentalscore":"4.8","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}