Mandriva Linux Security Advisory 2013-112 - Multiple cross-site scripting vulnerabilities in Open Ticket Request System Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with expression property in the STYLE attribute of an arbitrary element or UTF-7 text in an HTTP-EQUIV=CONTENT-TYPE META element. Cross-site scripting vulnerability in Open Ticket Request System Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags. Cross-site scripting vulnerability in Open Ticket Request System Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or URL in the SRC attribute of an element, as demonstrated by an IFRAME element.
ef99ff1195e6fef97371a1c9efaee80a50ab7b45cb1d0b8ea55436dc8f49df6dDebian Linux Security Advisory 2536-1 - It was discovered that otrs2, a ticket request system, contains a cross-site scripting vulnerability when email messages are viewed using Internet Explorer. This update also improves the HTML security filter to detect tag nesting.
4f188624c08347780c254407978e0878a970ce7fb48697547c14a11bb88e4231
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed