CVE-2005-3894 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2005-3894 Interim 1 4 2023-12-09T02:20:09Z current 2021-05-30T12:34:21Z 2023-12-09T02:20:09Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2005-3894 Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WVFLUVZS5BGFNCN2FFA2CBJI2ULRFZH6/#WVFLUVZS5BGFNCN2FFA2CBJI2ULRFZH6 E-Mail link for SUSE-SR:2005:030 https://www.suse.com/support/security/rating/ SUSE Security Ratings Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters. CVE-2005-3894 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N