Package otrs updated to version 3.3.8-alt1 for branch sisyphus in task 129029.

Published: 2014-04-02
Modified: 2024-11-21

CVE-2014-2553

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields.

Severity: LOW (3.5)

References:

openSUSE-SU-2014:0561
openSUSE-SU-2014:0561
57616
57616
https://www.otrs.com/security-advisory-2014-04-xss-issue
https://www.otrs.com/security-advisory-2014-04-xss-issue

Published: 2014-04-23
Modified: 2024-11-21

CVE-2014-2554

OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element.

Severity: MEDIUM (4.3)

References:

openSUSE-SU-2014:0561
openSUSE-SU-2014:0561
http://www.otrs.com/security-advisory-2014-05-clickjacking-issue/
http://www.otrs.com/security-advisory-2014-05-clickjacking-issue/

Version: 2.1.0

Package otrs update in sisyphus on 2014-09-04

ALT-PU-2014-2073-1

Closed vulnerabilities

CVE-2014-2553

CVE-2014-2554