CVE-2014-2554

medium

Description

OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element.

References

http://www.otrs.com/security-advisory-2014-05-clickjacking-issue/

http://lists.opensuse.org/opensuse-updates/2014-04/msg00062.html

Details

Source: Mitre, NVD

Published: 2014-04-23

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: Medium