Bug 24419 - AgentTicketZoom is vulnerable to XSS attacks from HTML e-mails
Summary: AgentTicketZoom is vulnerable to XSS attacks from HTML e-mails
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: otrs (show other bugs)
Version: unstable
Hardware: all Linux
: P3 blocker
Assignee: Sergey Y. Afonin
QA Contact: qa-sisyphus
URL: http://otrs.org/advisory/OSA-2010-03-en/
Keywords: security
Depends on:
Blocks:
 
Reported: 2010-10-25 15:56 MSD by Vladimir Lettiev
Modified: 2010-10-29 09:26 MSD (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Vladimir Lettiev 2010-10-25 15:56:54 MSD 
Whenever a customer sends an HTML e-mail and RichText is enabled in OTRS, javascript contained in the email can do everything in the OTRS agent interface that the agent himself could do.
Most relevant is that this type of exploit can be used in such a way that the agent won't even detect he is being exploited.
Affected by this vulnerability are all releases of OTRS 2.4.x up to and including 2.4.8.

This vulnerability is fixed in OTRS 2.4.9.
Comment 1 Repository Robot 2010-10-25 21:36:37 MSD 
otrs-2.4.9-alt1 -> sisyphus:

* Mon Oct 25 2010 Pavel Zilke <zidex at altlinux> 2.4.9-alt1
- Security fixes:
  + AgentTicketZoom is vulnerable to XSS attacks from HTML e-mails; OSA-2010-03 (ALT #24419)