CVE-2010-4071

Otrs - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail.

References (6)

[Issue Tracking] http://bugs.gentoo.org/342687

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

[Vendor Advisory] http://otrs.org/advisory/OSA-2010-03-en/

[Vendor Advisory] http://secunia.com/advisories/41978

[Various Sources] http://www.vuxml.org/freebsd/96e776c7-e75c-11df-8f26-00151735203a.html

[Third Party Advisory, VDB Entry] http://www.osvdb.org/68882

Scores

EPSS 0.0045

EPSS Percentile 63.4%

Classification

CWE

CWE-79

Status published

Affected Products (9)

otrs/otrs

n/a/n/a

Timeline

Published Jan 20, 2011

Tracked Since Feb 18, 2026