https://bugzilla.wikimedia.org/show_bug.cgi?id=63685
Bug ID: 63685
Summary: Update OTRS to 3.2.16 (address XSS and clickjacking vulnerability)
Product: Wikimedia
Version: wmf-deployment
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: OTRS
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected],
[email protected], [email protected]
Web browser: ---
Mobile Platform: ---
See:

http://www.otrs.com/security-advisory-2014-05-clickjacking-issue/ ("An attacker could embed OTRS in a hidden <iframe> tag of another page, tricking the user into clicking links in OTRS.")

http://www.otrs.com/security-advisory-2014-04-xss-issue/ ("A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS.")

We are currently running OTRS 3.2.14. Note that this would also solve bug 61912
("Update OTRS to 3.2.15 (address XSS vulnerability)").