Lucene search
Gentoo FoundationMGASA-2014-0194HistoryApr 24, 2014 - 11:11 p.m.
Updated otrs packages fix multiple vulnerabilities
2014-04-2423:11:34
Gentoo Foundation
advisories.mageia.org
26
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.002
Percentile
53.1%
Updated otrs package fixes security vulnerabilities: A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS (CVE-2014-2553). An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in OTRS (CVE-2014-2554).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 3 | noarch | otrs | <Β 3.2.16-1 | otrs-3.2.16-1.mga3 |
| Mageia | 4 | noarch | otrs | <Β 3.2.16-1 | otrs-3.2.16-1.mga4 |
Related
securityvulns
securityvulns
[ MDVSA-2014:111 ] otrs
2014-06-14 00:00:00
openvas
openvas
OTRS Help Desk Cross Site Scripting/Clickjacking Vulnerability
2014-04-03 00:00:00
OTRS Help Desk 3.1.x < 3.1.21, 3.2.x < 3.2.16, 3.3.x < 3.3.6 Multiple Vulnerabilities
2014-04-07 00:00:00
Mageia: Security Advisory (MGASA-2014-0194)
2022-01-28 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : otrs (MDVSA-2014:111)
2014-06-10 00:00:00
openSUSE Security Update : otrs (openSUSE-SU-2014:0561-1)
2014-06-13 00:00:00
Debian DLA-1119-1 : otrs2 security update
2017-10-02 00:00:00
osv
osv
otrs2 - security update
2017-09-30 00:00:00
otrs-3.3.16-37.1 on GA media
2024-06-15 00:00:00
debian
debian
[SECURITY] [DLA 1119-1] otrs2 security update
2017-09-30 19:35:53
nvd
nvd
CVE-2014-2553
2014-04-02 16:05:57
CVE-2014-2554
2014-04-23 15:55:04
cve
cve
CVE-2014-2553
2014-04-02 16:05:57
CVE-2014-2554
2014-04-23 15:55:04
cvelist
cvelist
CVE-2014-2553
2014-04-02 14:00:00
CVE-2014-2554
2014-04-23 14:00:00
prion
prion
Cross site scripting
2014-04-02 16:05:00
Code injection
2014-04-23 15:55:00
debiancve
debiancve
CVE-2014-2554
2014-04-23 15:55:04
CVE-2014-2553
2014-04-02 16:05:57
seebug
seebug
OTRS Help Deskθ·¨η«θζ¬ζΌζ΄
2014-04-02 00:00:00
OTRS Help DeskηΉε»ε«ζζΌζ΄
2014-04-02 00:00:00
freebsd
freebsd
otrs -- Clickjacking issue
2014-04-01 00:00:00
ubuntucve
ubuntucve
CVE-2014-2553
2014-04-02 00:00:00
CVE-2014-2554
2014-04-23 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.002
Percentile
53.1%
Related for MGASA-2014-0194