CVE-2007-2524 - CVE Reference - Advisories

CVE Reference: CVE-2007-2524

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-2524

Description: Cross-site scripting (XSS) vulnerability in index.pl in OTRS (Open Ticket Request System) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, but the proper identifier for the ipsec-tools issue is CVE-2007-1841.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/34164 SUSE http://www.novell.com/linux/security/advisories/2007_13_sr.html SREASON http://securityreason.com/securityalert/2668 SAID Secunia Advisory: SA25205 Secunia Advisory: SA25419 Secunia Advisory: SA25787 MISC http://www.virtuax.be/?page=library&id=35&type=Exploits DEBIAN http://www.debian.org/security/2007/dsa-1298 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/471192/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/467870/100/0/threaded BID 23862

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Linux Kernel LDT Buffer Size Handling Vulnerability

2.	Drupal Session Fixation Vulnerability

3.	OpenBSD BIND Query Port DNS Cache Poisoning

4.	Red Hat update for kernel

5.	Ubuntu update for php

6.	Debian update for xulrunner

7.	IPCop update for perl

8.	Debian update for cupsys

9.	Red Hat update for thunderbird

10.	Apple Safari Cross-Domain Cookie Injection Vulnerability