otrs -- Sql Injection + Xss Issue

2013-07-09T00:00:00
ID E3E788AA-E9FD-11E2-A96E-60A44C524F57
Type freebsd
Reporter FreeBSD
Modified 2013-07-09T00:00:00

Description

The OTRS Project reports:

An attacker with a valid agent login could manipulate URLs leading to SQL injection. An attacker with a valid agent login could manipulate URLs in the ITSM ConfigItem search, leading to a JavaScript code injection (XSS) problem.