Download
| Alert*
|
oval:org.secpod.oval:def:600875
It was discovered that otrs2, a ticket request system, contains a cross-site scripting vulnerability when email messages are viewed using Internet Explorer. This update also improves the HTML security filter to detect tag nesting. oval:org.secpod.oval:def:600521 Multiple cross-site scripting vulnerabilities were discovered in Open Ticket Request System , a trouble-ticket system. In addition, this security update a failure when upgrading the package from lenny to squeeze. The oldstable distribution is not affected by this problem. oval:org.secpod.oval:def:601080 It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs. |
