Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 432638

Summary: <www-apps/otrs-3.1.9: Multiple XSS vulnerabilities (CVE-2012-2582)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: patrick, web-apps
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2012-08-24 22:13:56 UTC 
CVE-2012-2582 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2582):
  Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request
  System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x
  before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and
  3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or
  HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS)
  expression property in the STYLE attribute of an arbitrary element or (2)
  UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.


Please drop vulnerable version.