4 matches found
openSUSE Security Update : otrs (openSUSE-SU-2010:1061-1)
OTRS version 2.4.9 fixes among other things two cross-site-scripting and a denial of service vulnerability CVE-2010-2080, CVE-2010-3476, CVE-2010-4071. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...
CVE-2010-2080
Multiple cross-site scripting XSS vulnerabilities in Open Ticket Request System OTRS 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2010-3476
Open Ticket Request System OTRS 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service CPU consumption via a large message, a different vulnerability than...
CVE-2010-2080
OTRS 2.3.x before 2.3.6 and 2.4.x before 2.4.8 are affected by CVE-2010-2080, a cross-site scripting (XSS) vulnerability in the web interface allowing remote authenticated users to inject script/HTML via unspecified vectors. The issue is documented across multiple sources (NVD and OSV/OpenVAS ent...