Package: otrs2
Version: 2.0.4p01-17
Severity: normal
Tags: security

Hi,

According to CVE-2007-2524:

| Cross-site scripting (XSS) vulnerability in index.pl in OTRS (Open
| Ticket Request System) 2.0.x allows remote attackers to inject
| arbitrary web script or HTML via the Subaction parameter in an
| AgentTicketMailbox Action.

More details and a PoC are available here:
http://www.virtuax.be/?page=library&id=35&type=Exploits

According to this site, 2.2 (in experimental) is not vulnerable, but I
haven't checked myself. I haven't checked whether OTRS 1.X is vulnerable
either.

Regards.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: powerpc (ppc)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-powerpc
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)