FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-2582

This CVE name corresponds to:

Entered     Topic
2013-02-25  otrs -- XSS vulnerability in Internet Explorer could lead to remote code execution
2012-12-30  otrs -- XSS vulnerability in Internet Explorer

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2012-2582
Phase  Assigned (20120509)

Description

Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.

References

Source   Reference
CONFIRM  http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-01/
DEBIAN   DSA-2536
SUSE     openSUSE-SU-2012:1105
CERT-VN  VU#582879
SECUNIA  50513