Detections
Analytics

FreeBSD : otrs -- Sql Injection + Xss Issue (e3e788aa-e9fd-11e2-a96e-60a44c524f57)

high Nessus Plugin ID 67250

Language:

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The OTRS Project reports :

An attacker with a valid agent login could manipulate URLs leading to SQL injection. An attacker with a valid agent login could manipulate URLs in the ITSM ConfigItem search, leading to a JavaScript code injection (XSS) problem.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?fe42f9fa

http://www.nessus.org/u?70c45b04

Plugin Details

Severity: High

ID: 67250

File Name: freebsd_pkg_e3e788aae9fd11e2a96e60a44c524f57.nasl

Version: 1.5

Type: local

Published: 7/12/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:otrs, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 7/11/2013

Vulnerability Publication Date: 7/9/2013

Reference Information

CVE: CVE-2013-4717, CVE-2013-4718