CVE-2013-2637

Published Feb 12, 2020

Last updated 3 months ago

CVSS medium 6.1

Overview

Description: A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:otrs:faq:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "002EF3F8-1077-4C5D-A487-357AB6BFEB95",
            "versionEndExcluding": "2.0.8"
          },
          {
            "criteria": "cpe:2.3:a:otrs:faq:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A51091CA-6321-45F1-9FAA-EB45AF1949BA",
            "versionEndExcluding": "2.1.4",
            "versionStartIncluding": "2.1.0"
          },
          {
            "criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76BF84E1-3633-4CFF-BB7B-4B126D1FD435",
            "versionEndExcluding": "3.0.7"
          },
          {
            "criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E23D8BE-818F-4F17-93C4-6E35840648AD",
            "versionEndExcluding": "3.1.8",
            "versionStartIncluding": "3.1.0"
          },
          {
            "criteria": "cpe:2.3:a:otrs:otrs_itsm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6303666A-A55B-436F-8895-D0F63F387E50",
            "versionEndExcluding": "3.2.4",
            "versionStartIncluding": "3.2.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References