Description: Open Ticket Request System (OTRS) 3.3.9 has XSS in requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| otrs2 (PTS) | stretch/non-free (security), stretch/non-free | 5.0.16-1+deb9u1 | undetermined |
| | buster/non-free, sid/non-free | 5.0.21-1 | undetermined |
| | wheezy (security) | 3.1.7+dfsg1-8+deb7u6 | undetermined |
| | jessie (security), jessie | 3.3.9-3+deb8u1 | undetermined |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
