Summary: | <www-apps/otrs-4.0.12: Help Desk Cross-Site Scripting and Clickjacking Vulnerabilities (CVE-2014-{2553,2554}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | patrick, web-apps |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/57616/ | ||
Whiteboard: | ~4 [noglsa] | ||
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-04-01 16:09:44 UTC
CVE-2014-2553 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2553): Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields.

CVE-2014-2554 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2554): OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element.

This bug has been around for a while. Just a ping to see if we can resolve it.

Maintainers, 3.2.12 is in tree, this is fixed in 3.2.16. Can we get an ebuild for this?

No vulnerable versions in tree.