Summary: | <www-apps/otrs-3.0.10: XSS vulnerabilities (CVE-2010-4071,CVE-2011-1518) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Andreis Vinogradovs ( slepnoga ) <andreis.vinogradovs> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | jesse, web-apps |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://otrs.org/advisory/OSA-2010-03-en/ | ||
Whiteboard: | ~4 [noglsa] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 260823 |
Description
Andreis Vinogradovs ( slepnoga )
2010-10-26 03:43:34 UTC
More Cross Site Scripting vulnerabilities have been disclosed in: http://otrs.org/advisory/OSA-2011-01-en/

A more up-to-date fixed-in list is: Fixed in: OTRS 2.4.10, 3.0.7

CVE-2010-4071 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4071): Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail.

Fixed software added and vulnerable versions removed by Patrick Lauer via bug 379855.

Closing noglsa for ~arch package.