MGASA-2014-0194

Source
https://advisories.mageia.org/MGASA-2014-0194.html
Import Source
https://advisories.mageia.org/MGASA-2014-0194.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2014-0194
Related
Published
2014-04-24T19:11:34Z
Modified
2014-04-24T21:40:18Z
Summary
Updated otrs packages fix multiple vulnerabilities
Details

Updated otrs package fixes security vulnerabilities:

A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS (CVE-2014-2553).

An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in OTRS (CVE-2014-2554).

References
Credits

Affected packages

Mageia:3 / otrs

Package

Name
otrs
Purl
pkg:rpm/mageia/otrs?distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.16-1.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:4 / otrs

Package

Name
otrs
Purl
pkg:rpm/mageia/otrs?distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.2.16-1.mga4

Ecosystem specific

{
    "section": "core"
}