Advisories ยป MGASA-2014-0194

Updated otrs packages fix multiple vulnerabilities

Publication date: 24 Apr 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-2553 , CVE-2014-2554

Description

Updated otrs package fixes security vulnerabilities:

A logged in attacker could insert special content in dynamic fields, leading
to JavaScript code being executed in OTRS (CVE-2014-2553).

An attacker could embed OTRS in a hidden iframe tag of another page,
tricking the user into clicking links in OTRS (CVE-2014-2554).
                

References

SRPMS

4/core

3/core