Sales North America +1 408 725 7501 | Europe +49 6172 6819 880 | Asia + 852 3690 1503
Skip navigation and go to main content
Security Advisory 2007-01
Security Advisory Details
- Date: May 24, 2007
- Title: Vulnerability in OTRS agent mailbox view allows Cross-Site-Scripting
- Severity: Less critical
- Affected:
- OTRS Help Desk OTRS 2.0.x
- Fixed in:
- OTRS Help Desk OTRS 2.0.5
- Not affected:
- OTRS Help Desk 2.2.x
- OTRS Help Desk 2.1.x
- Download a fixed release
Vulnerability Description
This Advisory covers one vulnerabilities in the OTRS agent mailbox view. Input fields allows injection of script code Missing HTML quoting allows an agent in the mailbox view (only in a valid session) the injection of HTML tags. This vulnerability allows an attacker to inject script code into the OTRS webinterface which will be loaded and executed in users browsers. Affected by these vulnerabilities are all releases of OTRS 2.0.0 up to and including 2.0.4.
Recommended Resolution
This vulnerability is fixed in OTRS 2.0.5, and it is recommended to upgrade to this version.
Workaround
As a workaround you can update from cvs the file Kernel/Modules/AgentTicketMailbox.pm to to version 1.4.2.3 (http://cvs.otrs.org/).
Report a Vulnerability
© 2012 OTRS Inc. All rights reserved. All other trademarks and copyrights are the property of their respective owners. |
