{ "schema_version": "1.6.2", "id": "MGASA-2014-0194", "published": "2014-04-24T19:11:34Z", "modified": "2014-04-24T21:40:18Z", "summary": "Updated otrs packages fix multiple vulnerabilities", "details": "Updated otrs package fixes security vulnerabilities:\n\nA logged in attacker could insert special content in dynamic fields, leading\nto JavaScript code being executed in OTRS (CVE-2014-2553).\n\nAn attacker could embed OTRS in a hidden iframe tag of another page,\ntricking the user into clicking links in OTRS (CVE-2014-2554).\n", "related": [ "CVE-2014-2553", "CVE-2014-2554" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2014-0194.html" }, { "type": "REPORT", "url": "https://www.otrs.com/security-advisory-2014-04-xss-issue/" }, { "type": "REPORT", "url": "https://www.otrs.com/security-advisory-2014-05-clickjacking-issue/" }, { "type": "REPORT", "url": "https://www.otrs.com/release-notes-otrs-help-desk-3-2-16/" }, { "type": "REPORT", "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=13252" } ], "affected": [ { "package": { "ecosystem": "Mageia:3", "name": "otrs", "purl": "pkg:rpm/mageia/otrs?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "3.2.16-1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:4", "name": "otrs", "purl": "pkg:rpm/mageia/otrs?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "3.2.16-1.mga4" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }