Vulnerability Note VU#603276
OTRS contains a cross-site scripting vulnerability
Open Technology Real Services (OTRS) contains a cross-site scripting (XSS) (CWE-79) vulnerability in the body of HTML emails viewed within the OTRS application.
OTRS is an open source Help Desk and ITILŪ V3 compliant IT Service Management platform.
OTRS Security Advisory 2012-03 states:
Affected by this vulnerability are all releases of OTRS 2.4.x up to and including 2.4.14, 3.0.x up to and including 3.0.16 and 3.1.x up to and including 3.1.10.
A remote attacker may be able to perform a cross-site scripting attack against a logged in OTRS user by sending a specifically crafted HTML email.
Apply an Update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|OTRS||Affected||07 Sep 2012||17 Oct 2012|
CVSS Metrics (Learn More)
Thanks to Mike Eduard of Znuny GmbH for reporting this vulnerability.
- CVE IDs: CVE-2012-4751
- Date Public: 22 Oct 2012
- Date First Published: 17 Oct 2012
- Date Last Updated: 17 Oct 2012
- Document Revision: 18
If you have feedback, comments, or additional information about this vulnerability, please send us email.