oss-sec mailing list archives
CVE Request: OTRS: execution of JavaScript in OTRS context by opening malicious attachment
From: Salvatore Bonaccorso <carnil () debian org>
Date: Tue, 1 Nov 2016 14:56:01 +0100
Hi
From the OTRS advisory at [1]:
An attacker could trick an authenticated agent or customer into opening a malicious attachment which could lead to the execution of JavaScript in OTRS context.
which is fixed in upstream versions OTRS 3.3.16, 4.0.19 and 5.0.14.
[1] https://www.otrs.com/security-advisory-2016-02-security-update-otrs/
Could you please assign a CVE for this issue?
Regards,
Salvatore