FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

otrs -- XSS Issue

Affected packages
otrs < 3.1.20
3.2.* < otrs < 3.2.15
3.3.* < otrs < 3.3.5

Details

VuXML ID 70b72a52-9e54-11e3-babe-60a44c524f57
Discovery 2014-02-25
Entry 2014-02-25

The OTRS Project reports:

An attacker could send a specially prepared HTML email to OTRS. If he can then trick an agent into following a special link to display this email, JavaScript code would be executed.

References

CVE Name CVE-2014-1695
URL https://www.otrs.com/security-advisory-2014-03-xss-issue/