ocsinventory: cross-site scripting [LWN.net]

Package(s):

ocsinventory

CVE #(s):

CVE-2014-4722

Created:

July 21, 2014

Updated:

August 8, 2014

Description:

From the CVE entry:

Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Alerts:

Mageia	MGASA-2014-0317	ocsinventory	2014-08-05
Mandriva	MDVSA-2014:156	ocsinventory	2014-08-07
Fedora	FEDORA-2014-8218	ocsinventory	2014-07-19
Fedora	FEDORA-2014-8227	ocsinventory	2014-07-19