FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OTRS -- Several XSS attacks possible

Affected packages
2.3.*	<	otrs	<	3.0.7

Details

VuXML ID	a4372a68-652c-11e0-a25a-00151735203a
Discovery	2011-03-12
Entry	2011-04-12

OTRS Security Advisory reports:

Several XSS attacks possible: An attacker could trick a logged in user to following a prepared URL inside of the OTRS system which causes a page to be shown that possibly includes malicious !JavaScript code because of incorrect escaping during the generation of the HTML page.

[source]

References

CVE Name	CVE-2011-1518
URL	http://otrs.org/advisory/OSA-2011-01-en/