PT-2005-5581 · Otrs · Open Ticket Request System

Moritz Naumann · Published 1970-01-01 · Updated 2017-07-20 · CVE-2005-3894

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Open Ticket Request System (OTRS) versions 1.0.0 through 1.3.2
Open Ticket Request System (OTRS) versions 2.0.0 through 2.0.3

Description

The issue involves multiple cross-site scripting (XSS) vulnerabilities that allow remote authenticated users to inject arbitrary web script or HTML. This can be achieved via hex-encoded values in the QueueID parameter and Action parameters. The vulnerability can lead to a disruption of confidentiality, integrity, and availability of protected information and can be exploited remotely.

Recommendations

For Open Ticket Request System (OTRS) versions 1.0.0 through 1.3.2, consider disabling the QueueID and Action parameters in the index.pl file until a patch is available.

For Open Ticket Request System (OTRS) versions 2.0.0 through 2.0.3, consider disabling the QueueID and Action parameters in the index.pl file until a patch is available.

As a temporary workaround, restrict access to the index.pl file to minimize the risk of exploitation.


Related identifiers

BDU:2015-03039
BDU:2015-03040
BDU:2015-03041
CVE-2005-3894
DSA-973-1

Affected products

Open Ticket Request System