Sysext:lowlevel (function "DB>Full search") susceptible to XSS
Sysext:lowlevel provides, among other things, a function called "Full Search" that allows querying the database directly. Both sub-functions, "raw search in all fields" and "advanced query", are susceptible to XSS because both modules fail to sanitize results.
Reported by Markus Krause
Security Team OTRS reference: 2009091210000033
(issue imported from #M12308)
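
The class of bug described above, database search results written into a backend page without output encoding, shown next to the encoded form. This is an added example and not code from TYPO3 or sysext:lowlevel; the function names (h, renderRowsUnsafe, renderRowsSafe) and the sample rows are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names; not taken from TYPO3's sysext:lowlevel.

/** Encode one value for an HTML text or attribute context. */
function h($value): string
{
    return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable pattern: database content is concatenated into markup as-is. */
function renderRowsUnsafe(array $rows): string
{
    $html = '<table>';
    foreach ($rows as $row) {
        $html .= '<tr><td>' . implode('</td><td>', $row) . '</td></tr>';
    }
    return $html . '</table>';
}

/** Hardened pattern: column names and every cell are encoded at output time. */
function renderRowsSafe(array $rows): string
{
    $html = '<table><tr>';
    foreach (array_keys($rows[0] ?? []) as $column) {
        $html .= '<th>' . h($column) . '</th>';
    }
    $html .= '</tr>';
    foreach ($rows as $row) {
        $html .= '<tr>';
        foreach ($row as $cell) {
            $html .= '<td>' . h($cell) . '</td>';
        }
        $html .= '</tr>';
    }
    return $html . '</table>';
}

// Constructed sample: one record whose stored title contains markup.
$rows = [
    ['uid' => 1, 'title' => 'Home'],
    ['uid' => 2, 'title' => '<script>alert(1)</script>'],
];

echo renderRowsUnsafe($rows), PHP_EOL; // markup from the record reaches the page intact
echo renderRowsSafe($rows), PHP_EOL;   // same record is shown as inert text
```

Encoding happens at output time, so it covers records that were stored before any input filtering existed and values written by other code paths.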