Open Technology Real Services (OTRS) contains a cross-site scripting (XSS) (CWE-79) vulnerability in the body of HTML emails viewed within the OTRS application.
OTRS is an open source Help Desk and ITIL® V3 compliant IT Service Management platform.
OTRS Security Advisory 2012-03 states:
A remote attacker may be able to perform a cross-site scripting attack against a logged in OTRS user by sending a specifically crafted HTML email.
Apply an Update
Thanks to Mike Eduard of Znuny GmbH for reporting this vulnerability.
|Date First Published:||2012-10-17|
|Date Last Updated:||2012-10-17 16:16 UTC|