FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

otrs -- SQL Injection + XSS Issue

Affected packages
otrs < 3.2.9

Details

VuXML ID e3e788aa-e9fd-11e2-a96e-60a44c524f57
Discovery 2013-07-09
Entry 2013-07-11

The OTRS Project reports:

An attacker with a valid agent login could manipulate URLs leading to SQL injection. An attacker with a valid agent login could manipulate URLs in the ITSM ConfigItem search, leading to a JavaScript code injection (XSS) problem.

References

CVE Name CVE-2013-4717
CVE Name CVE-2013-4718
URL http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2013-05/