Package name: otrs
Date: 2013-04-10
Advisory ID: MDVSA-2013:112
Affected versions: MBS1 x86_64

Problem description

Updated otrs package fixes security vulnerabilities:

Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket
Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before
3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5,
3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers
to inject arbitrary web script or HTML via an e-mail message body
with (1) a Cascading Style Sheets (CSS) expression property in the
STYLE attribute of an arbitrary element or (2) UTF-7 text in an
HTTP-EQUIV=CONTENT-TYPE META element (CVE-2012-2582).

Cross-site scripting (XSS) vulnerability in Open Ticket Request System
(OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x
before 3.1.10, when Firefox or Opera is used, allows remote attackers
to inject arbitrary web script or HTML via an e-mail message body
with nested HTML tags (CVE-2012-4600).

Cross-site scripting (XSS) vulnerability in Open Ticket Request System
(OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x
before 3.1.11 allows remote attackers to inject arbitrary web script or
HTML via an e-mail message body with whitespace before a javascript:
URL in the SRC attribute of an element, as demonstrated by an IFRAME
element (CVE-2012-4751).
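
The following audit check is an added example, not part of the advisory or of OTRS code. It flags three of the e-mail body patterns described above (CSS expression in STYLE, UTF-7 META, whitespace-prefixed javascript: URL) so stored or incoming HTML mail can be reviewed; it does not cover the nested-tag case of CVE-2012-4600. The names MailBodyAudit, audit, URL_ATTRS and SAMPLES are assumptions, and the sample bodies are constructed.

```python
import re
from html.parser import HTMLParser

# Attributes that carry a URL (assumed list for this example, not exhaustive).
URL_ATTRS = {"src", "href", "action", "background"}
# Remove every space/control character before comparing the scheme. This is
# deliberately conservative: it also catches tabs or newlines placed inside
# the scheme name, at the cost of a few false positives.
_WS_CTRL = re.compile(r"[\x00-\x20]+")


class MailBodyAudit(HTMLParser):
    """Collect (tag, finding) pairs for patterns named in the advisory."""

    def __init__(self):
        # convert_charrefs=True so entity-encoded whitespace is decoded first.
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # names arrive lowercased
        # (1) CSS expression property in a STYLE attribute (CVE-2012-2582)
        if re.search(r"expression\s*\(", a.get("style", ""), re.I):
            self.findings.append((tag, "css-expression"))
        # (2) META HTTP-EQUIV=CONTENT-TYPE switching to UTF-7 (CVE-2012-2582)
        if (tag == "meta"
                and a.get("http-equiv", "").lower() == "content-type"
                and "utf-7" in a.get("content", "").lower()):
            self.findings.append((tag, "utf7-meta"))
        # (3) javascript: URL hidden behind whitespace (CVE-2012-4751)
        for name in sorted(URL_ATTRS & a.keys()):
            if _WS_CTRL.sub("", a[name]).lower().startswith("javascript:"):
                self.findings.append((tag, "javascript-url:" + name))


def audit(html_body):
    """Return the list of findings for one HTML message body."""
    parser = MailBodyAudit()
    parser.feed(html_body)
    parser.close()
    return parser.findings


# Constructed sample bodies, one per pattern plus a benign control.
SAMPLES = {
    "iframe": '<iframe src=" \tjavascript:void(0)"></iframe>',
    "style": '<div style="width: expression(1)">x</div>',
    "meta": '<meta http-equiv="Content-Type" content="text/html; charset=UTF-7">',
    "benign": '<p style="color:red"><a href="https://example.org/">ok</a></p>',
}
```

A hit is a reason to inspect the message, not a substitute for installing the updated package.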

Updated packages

MBS1 x86_64

 972c63cf977db8c7e01be8d6733b6fa7  mbs1/x86_64/otrs-3.1.11-1.mbs1.noarch.rpm 
 3cf42ac9d8ff07b6b7fe83d0d0c9d983  mbs1/SRPMS/otrs-3.1.11-1.mbs1.src.rpm

References