Mike Eduard

**Name of the Vulnerable Software and Affected Versions** Open Ticket Request System (OTRS) Help Desk versions 2.4.x through 2.4.14 Open Ticket Request System (OTRS) Help Desk versions 3.0.x through 3.0.16 Open Ticket Request System (OTRS) Help Desk versions 3.1.x through 3.1.10 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element. This can be demonstrated by an IFRAME element. **Recommendations** For versions 2.4.x through 2.4.14, update to version 2.4.15 or later. For versions 3.0.x through 3.0.16, update to version 3.0.17 or later. For versions 3.1.x through 3.1.10, update to version 3.1.11 or later.

**Name of the Vulnerable Software and Affected Versions** Open Ticket Request System (OTRS) Help Desk versions 2.4.x through 2.4.13 Open Ticket Request System (OTRS) Help Desk versions 3.0.x through 3.0.15 Open Ticket Request System (OTRS) Help Desk versions 3.1.x through 3.1.9 otrs2 (affected versions not specified) **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags when using Firefox or Opera. Multiple vulnerabilities in the otrs2 package may lead to a breach of protected information integrity and can be exploited remotely. **Recommendations** For Open Ticket Request System (OTRS) Help Desk versions 2.4.x through 2.4.13, update to version 2.4.14 or later. For Open Ticket Request System (OTRS) Help Desk versions 3.0.x through 3.0.15, update to version 3.0.16 or later. For Open Ticket Request System (OTRS) Help Desk versions 3.1.x through 3.1.9, update to version 3.1.10 or later. For otrs2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.