11 matches found
Mageia: Security Advisory (MGASA-2014-0194)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-1119-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 1119-1] otrs2 security update
Package : otrs2 Version : 3.3.18-1deb7u1 CVE ID : CVE-2014-1695 CVE-2014-2553 CVE-2014-2554 CVE-2017-14635 Debian Bug : 876462 An attacker who is logged into OTRS, a Ticket Request System, as an agent with write permissions for statistics can inject arbitrary code into the system. This can lead t...
[ MDVSA-2014:111 ] otrs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:111 http://www.mandriva.com/en/support/security/ Package : otrs Date : June 10, 2014 Affected: Business Server 1.0 Problem Description: Updated otrs package fixes security vulnerabilities: A logged in attack...
openSUSE Security Update : otrs (openSUSE-SU-2014:0561-1)
This otrs update fixes the following security and non security issues : - bnc871758: Fixed OSA-2014-04 CVE-2014-2553 and OSA-2014-05 CVE-2014-2554. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...
Mandriva Linux Security Advisory : otrs (MDVSA-2014:111)
Updated otrs package fixes security vulnerabilities : A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS CVE-2014-2553. An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in...
Updated otrs packages fix multiple vulnerabilities
Updated otrs package fixes security vulnerabilities: A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS CVE-2014-2553. An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in...
CVE-2014-2553
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields...
CVE-2014-2553
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields...
CVE-2014-2553
CVE-2014-2553 affects OTRS up to versions before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6. The vulnerability is a cross-site scripting (XSS) flaw in dynamic fields that allows a remote authenticated user to inject arbitrary web script or HTML. The condition is based on how dynamic fiel...
CVE-2014-2553
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields...