+++++++++ OTRS Security Advisory 2015-03 FAQ 5.0.2 (OTRS 5), FAQ 4.0.3. (OTRS 4), FAQ 2.3.4 (OTRS 3.3) +++++++++ Releases: FAQ 5.0.2 (OTRS 5), FAQ 4.0.3 (OTRS 4), FAQ 2.3.4 (OTRS 3.3) Release date: 01-December-2015 Status: Patch Level Release SECURITY FIXES: ============== ------------------------------------------------------------------ OTRS Security Advisory 2015-03 mailto:security@otrs.org> ------------------------------------------------------------------ ID: OSA-2015-03 Date: 2015-11-24 Title: Vulnerability in OTRS FAQ allows user with valid agent login to inject JavaScript code (XSS) Severity: 3.7 (Low) Fixed in: FAQ 5.0.2 (OTRS 5), FAQ 4.0.3 (OTRS 4), FAQ 2.3.4 (OTRS 3.3) URL: https://www.otrs.com/security-advisory-2015-03-vulnerability-discovered-in-o... https://www.otrs.com/security-advisory-2015-03-vulnerability-discovered-in-o... References: CVE-2015-8372 To read the entire Security Advisory please follow this link. https://www.otrs.com/security-advisory-2015-03-vulnerability-discovered-in-o... https://www.otrs.com/security-advisory-2015-03-vulnerability-discovered-in-o... Best regards Goran Pismestrovic — Marketing Assistant OTRS AG Norsk-Data-Straße 1 61352 Bad Homburg Deutschland T: +49 (0) 6172 681988 0 F: +49 (0) 9421 56818 18 I: http://www.otrs.com/ http://www.otrs.com/ Business location: Bad Homburg, Country Court: Bad Homburg, HRB 10751, VAT ID: DE256610065 Chairman: Burchard Steinbild, Managing Board: André Mindermann (CEO), Christopher Kuhn, Sabine Riedel Mobile communication and transparent processes - With the OTRS Business Solution™ 5 Managed you can start fast and without your own IT resources - Discover the new features and order here https://www.otrs.com/new-in-otrs-business-solution-5-mobile-communication-tr...