Fabien Arnoux

**Name of the Vulnerable Software and Affected Versions** Open Ticket Request System (OTRS) versions 4.0.x through 4.0.31 Open Ticket Request System (OTRS) versions 5.0.x through 5.0.29 Open Ticket Request System (OTRS) versions 6.0.x through 6.0.10 **Description** An issue exists where an attacker could send a malicious email to an OTRS system. If a logged-in user opens it, the email could cause the browser to load external image or CSS resources. **Recommendations** For OTRS versions 4.0.x through 4.0.31, update to version 4.0.32 or later. For OTRS versions 5.0.x through 5.0.29, update to version 5.0.30 or later. For OTRS versions 6.0.x through 6.0.10, update to version 6.0.11 or later.

**Name of the Vulnerable Software and Affected Versions** Open Ticket Request System (OTRS) versions 4.0.x through 4.0.31 Open Ticket Request System (OTRS) versions 5.0.x through 5.0.29 Open Ticket Request System (OTRS) versions 6.0.x through 6.0.10 **Description** An issue exists where an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to. **Recommendations** For OTRS versions 4.0.x through 4.0.31, update to version 4.0.32 or later. For OTRS versions 5.0.x through 5.0.29, update to version 5.0.30 or later. For OTRS versions 6.0.x through 6.0.10, update to version 6.0.11 or later.