Bugtraq mailing list archives
Re: [SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial of service
From: dann frazier <dannf () dannf org>
Date: Tue, 12 Jun 2007 10:37:07 -0600
On Mon, Jun 11, 2007 at 02:18:10PM +0400, 3APA3A wrote:
Dear dann frazier, Can you please provide valid CVE for this advisory, if any? CVE-2007-2524 is Cross-site scripting (XSS) vulnerability in index.pl in OTRS (Open Ticket Request System) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action.
This has already been corrected here: http://www.debian.org/security/2007/dsa-1299 -- dann frazier
Current thread:
- [SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial of service dann frazier (Jun 07)
- Re: [SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial of service 3APA3A (Jun 11)
- Re: [SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial of service dann frazier (Jun 12)
- Re: [SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial of service 3APA3A (Jun 11)