CVE-2005-3894

NameCVE-2005-3894
DescriptionMultiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters.
SourceCVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-973-1
NVD severitymedium (attack range: remote)
Debian Bugs340352

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
otrssource(unstable)2.0.4p01-1medium340352
otrssourcesarge1.3.2p01-6mediumDSA-973-1

Search for package or bug name: Reporting problems