{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2007-2524","title":"Title"},{"category":"description","text":"Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action.  NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, but the proper identifier for the ipsec-tools issue is CVE-2007-1841.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2007-2524","url":"https://www.suse.com/security/cve/CVE-2007-2524"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 278624 for CVE-2007-2524","url":"https://bugzilla.suse.com/278624"},{"category":"external","summary":"Advisory link for SUSE-SR:2007:013","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NFD4PA3UQYFXNU44YZCEAINX3XSTPUJ4/#NFD4PA3UQYFXNU44YZCEAINX3XSTPUJ4"}],"title":"SUSE CVE CVE-2007-2524","tracking":{"current_release_date":"2023-12-09T03:40:50Z","generator":{"date":"2023-02-15T06:12:07Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2007-2524","initial_release_date":"2023-02-15T06:12:07Z","revision_history":[{"date":"2023-02-15T06:12:07Z","number":"2","summary":"Current version"},{"date":"2023-12-08T05:18:53Z","number":"3","summary":"Current version"},{"date":"2023-12-09T03:40:50Z","number":"4","summary":"Current version"}],"status":"interim","version":"4"}}}