2Cents about Cyber Security

[CVE-2013-2637] OTRS Faq Module – Persistent XSS

#CVE #vulnerability

Some months ago I found this XSS in the FAQ module of the well-known OTRS support ticketing system. This vulnerability permits an attacker with FAQ publishing permission to “grab” the other users and/or admins who access a malicious FAQ.

You can find the public disclosure @ the following links:

OTRS Sec

ExploitDB

Tenable

About Luigi Vezzoso

Security professional with more than 15 years of experience in multiple aspects of cyber security. In my spare time I like to train dogs.