Re: [SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial of service
On Mon, Jun 11, 2007 at 02:18:10PM +0400, 3APA3A wrote:
> Dear dann frazier,
>
>
> Can you please provide valid CVE for this advisory, if any?
>
> CVE-2007-2524 is Cross-site scripting (XSS) vulnerability in index.pl
> in OTRS (Open Ticket Request System) 2.0.x allows remote attackers to
> inject arbitrary web script or HTML via the Subaction parameter in an
> AgentTicketMailbox Action.
This has already been corrected here:
http://www.debian.org/security/2007/dsa-1299
--
dann frazier