From Mageia wiki
MGASA-2012-0275
Date: | September 23rd, 2012 |
Affected releases: | 1 |
Description:
A vulnerability has been found and corrected in ocsinventory:
Cross-site scripting (XSS) vulnerability in ocsinventory in OCS
Inventory NG 2.0.1 and earlier allows remote attackers to inject
arbitrary web script or HTML via unspecified vectors (CVE-2011-4024).
The updated packages have been patched to correct this issue.
Updated Packages:
ocsinventory-server-1.3.3-1.1.mga1
ocsinventory-reports-1.3.3-1.1.mga1
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4024
https://bugs.mageia.org/show_bug.cgi?id=5252