CVE-2007-2524 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-2524
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-2524

Description: Cross-site scripting (XSS) vulnerability in index.pl in OTRS (Open Ticket Request System) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, but the proper identifier for the ipsec-tools issue is CVE-2007-1841.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/34164 SUSE http://www.novell.com/linux/security/advisories/2007_13_sr.html SREASON http://securityreason.com/securityalert/2668 SAID Secunia Advisory: SA25205 Secunia Advisory: SA25419 Secunia Advisory: SA25787 MISC http://www.virtuax.be/?page=library&id=35&type=Exploits DEBIAN http://www.debian.org/security/2007/dsa-1298 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/471192/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/467870/100/0/threaded BID 23862

Return to the previous page.