FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

otrs -- Clickjacking issue

Affected packages
		otrs	<	3.1.21
3.2.*	<	otrs	<	3.2.16
3.3.*	<	otrs	<	3.3.6

Details

VuXML ID	ffa7c6e4-bb29-11e3-8136-60a44c524f57
Discovery	2014-04-01
Entry	2014-04-03

The OTRS Project reports:

An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in OTRS.

[source]

References

CVE Name	CVE-2014-2554
URL	http://www.w3.org/1999/xhtml

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.