Slepnoga

**Name of the Vulnerable Software and Affected Versions** OTRS versions 2.4.x through 2.4.8 **Description** A cross-site scripting issue exists when RichText is enabled, allowing remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail. **Recommendations** For OTRS versions 2.4.x through 2.4.8, update to version 2.4.9 or later to resolve the issue. As a temporary workaround, consider disabling RichText until a patch is available.