Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30830
HistoryJun 14, 2014 - 12:00 a.m.

[ MDVSA-2014:111 ] otrs

2014-06-1400:00:00
vulners.com
17
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2014:111
http://www.mandriva.com/en/support/security/

Package : otrs
Date : June 10, 2014
Affected: Business Server 1.0

Problem Description:

Updated otrs package fixes security vulnerabilities:

A logged in attacker could insert special content in dynamic fields,
leading to JavaScript code being executed in OTRS (CVE-2014-2553).

An attacker could embed OTRS in a hidden iframe tag of another page,
tricking the user into clicking links in OTRS (CVE-2014-2554).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2554
http://advisories.mageia.org/MGASA-2014-0194.html

Updated Packages:

Mandriva Business Server 1/X86_64:
705047cc0c626211bcc60881d3af1469 mbs1/x86_64/otrs-3.2.16-1.mbs1.noarch.rpm
a5c3626c92a00103fe916aff0690d791 mbs1/SRPMS/otrs-3.2.16-1.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTlqXgmqjQ0CJFipgRAtJOAKDBhfF8OxMdFT7Pn5xx9Kk4i0jk2gCgme4t
LHmMYXhXLyl7XsCNh15EkxY=
=xUGC
-----END PGP SIGNATURE-----

Related

openvas 3
nessus 4
mageia 1
osv 1
debian 1
prion 2
cve 2
debiancve 2
freebsd 1
seebug 2
ubuntucve 2
securityvulns 1
openvas
openvas
OTRS Help Desk Cross Site Scripting/Clickjacking Vulnerability
2014-04-03 00:00:00
OTRS Help Desk Cross-Site Scripting and Clickjacking Vulnerabilities
2014-04-07 00:00:00
Debian LTS: Security Advisory for otrs2 (DLA-1119-1)
2018-02-07 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : otrs (MDVSA-2014:111)
2014-06-10 00:00:00
openSUSE Security Update : otrs (openSUSE-SU-2014:0561-1)
2014-06-13 00:00:00
Debian DLA-1119-1 : otrs2 security update
2017-10-02 00:00:00
mageia
mageia
Updated otrs packages fix multiple vulnerabilities
2014-04-24 23:11:34
osv
osv
otrs2 - security update
2017-09-30 00:00:00
debian
debian
[SECURITY] [DLA 1119-1] otrs2 security update
2017-09-30 19:35:53
prion
prion
Cross site scripting
2014-04-02 16:05:00
Code injection
2014-04-23 15:55:00
cve
cve
CVE-2014-2553
2014-04-02 16:05:00
CVE-2014-2554
2014-04-23 15:55:00
debiancve
debiancve
CVE-2014-2554
2014-04-23 15:55:00
CVE-2014-2553
2014-04-02 16:05:00
freebsd
freebsd
otrs -- Clickjacking issue
2014-04-01 00:00:00
seebug
seebug
OTRS Help Desk跨站脚本漏洞
2014-04-02 00:00:00
OTRS Help Desk点击劫持漏洞
2014-04-02 00:00:00
ubuntucve
ubuntucve
CVE-2014-2553
2014-04-02 00:00:00
CVE-2014-2554
2014-04-23 00:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-06-14 00:00:00
JSON
Related for SECURITYVULNS:DOC:30830
openvas3nessus4mageia1osv1debian1prion2cve2debiancve2freebsd1seebug2ubuntucve2securityvulns1