CVE-2012-4600

Name of the Vulnerable Software and Affected Versions Open Ticket Request System (OTRS) Help Desk versions 2.4.x through 2.4.13 Open Ticket Request System (OTRS) Help Desk versions 3.0.x through 3.0.15 Open Ticket Request System (OTRS) Help Desk versions 3.1.x through 3.1.9 otrs2 (affected versions not specified)

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags when using Firefox or Opera. Multiple vulnerabilities in the otrs2 package may lead to a breach of protected information integrity and can be exploited remotely.

Recommendations For Open Ticket Request System (OTRS) Help Desk versions 2.4.x through 2.4.13, update to version 2.4.14 or later. For Open Ticket Request System (OTRS) Help Desk versions 3.0.x through 3.0.15, update to version 3.0.16 or later. For Open Ticket Request System (OTRS) Help Desk versions 3.1.x through 3.1.9, update to version 3.1.10 or later. For otrs2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.