Advisories ยป MGASA-2014-0317

Updated ocsinventory packages fix security vulnerability

Publication date: 05 Aug 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-4722

Description

Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web
Interface in OCS Inventory NG allow remote attackers to inject arbitrary web
script or HTML via unspecified vectors (CVE-2014-4722).

Also, the web interface has been fixed to work with Apache HTTPD 2.4.
                

References

SRPMS

3/core

4/core