[SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial of service Jun 07 2007 05:52PM
dann frazier (dannf debian org) (1 replies)
Re: [SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial of service Jun 11 2007 10:18AM
3APA3A (3APA3A SECURITY NNOV RU) (1 replies)
Re: [SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial ofservice Jun 12 2007 04:37PM
dann frazier (dannf dannf org)
On Mon, Jun 11, 2007 at 02:18:10PM +0400, 3APA3A wrote:
> Dear dann frazier,
>
>
> Can you please provide valid CVE for this advisory, if any?
>
> CVE-2007-2524 is Cross-site scripting (XSS) vulnerability in index.pl
> in OTRS (Open Ticket Request System) 2.0.x allows remote attackers to
> inject arbitrary web script or HTML via the Subaction parameter in an
> AgentTicketMailbox Action.

This has already been corrected here:
http://www.debian.org/security/2007/dsa-1299

--
dann frazier

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus