CVE-2007-2524 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2007-2524 Interim 1 5 2023-12-09T02:14:42Z current 2021-05-30T12:38:54Z 2023-12-09T02:14:42Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2007-2524 Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, but the proper identifier for the ipsec-tools issue is CVE-2007-1841. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NFD4PA3UQYFXNU44YZCEAINX3XSTPUJ4/#NFD4PA3UQYFXNU44YZCEAINX3XSTPUJ4 E-Mail link for SUSE-SR:2007:013 https://www.suse.com/support/security/rating/ SUSE Security Ratings Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, but the proper identifier for the ipsec-tools issue is CVE-2007-1841. CVE-2007-2524 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N