oss-sec mailing list archives

CVE Request: OTRS: execution of JavaScript in OTRS context by opening malicious attachment


From: Salvatore Bonaccorso <carnil () debian org>
Date: Tue, 1 Nov 2016 14:56:01 +0100

Hi

From the OTRS advisory at [1]:

An attacker could trick an authenticated agent or customer into
opening a malicious attachment which could lead to the execution of
JavaScript in OTRS context.

which is fixed in upstream versions OTRS 3.3.16, 4.0.19 and 5.0.14.

 [1]  https://www.otrs.com/security-advisory-2016-02-security-update-otrs/

Could you please assign a CVE for this issue?

Regards,
Salvatore

