CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

It was discovered that the Open Ticket Request System performs
insufficient input sanitising for the Subaction parameter, which allows
the injection of arbitrary web script code.

The oldstable distribution (sarge) doesn’t include otrs2.

For the stable distribution (etch) this problem has been fixed in
version 2.0.4p01-18.

The unstable distribution (sid) isn’t affected by this problem.

We recommend that you upgrade your otrs2 package.