CVE-2013-2637

moderate-risk
Published 2020-02-12

A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.

Do I need to act?

~
1.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
24922
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10 Medium
NETWORK / LOW complexity

Affected Products (4)

Faq
Otrs Itsm

Affected Vendors

Otrs Opensuse

References (8)

Mailing List http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html
Exploit http://www.exploit-db.com/exploits/24922
Third Party Advisory http://www.securityfocus.com/bid/58930
Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/83288
Mailing List http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html
Exploit http://www.exploit-db.com/exploits/24922
Third Party Advisory http://www.securityfocus.com/bid/58930
Third Party Advisory https://exchange.xforce.ibmcloud.com/vulnerabilities/83288
44
/ 100
moderate-risk
Severity 23/34 · High
Exploitability 11/34 · Low
Exposure 10/34 · Low