Vulnerability Details CVE-2010-4071
Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.4%
CVSS Severity
CVSS v2 Score 2.6
References
- http://bugs.gentoo.org/342687
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
- http://otrs.org/advisory/OSA-2010-03-en/
- http://secunia.com/advisories/41978
- http://www.osvdb.org/68882
- http://www.vuxml.org/freebsd/96e776c7-e75c-11df-8f26-00151735203a.html
- http://bugs.gentoo.org/342687
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
- http://otrs.org/advisory/OSA-2010-03-en/
- http://secunia.com/advisories/41978
- http://www.osvdb.org/68882
- http://www.vuxml.org/freebsd/96e776c7-e75c-11df-8f26-00151735203a.html
Products affected by CVE-2010-4071
-
cpe:2.3:a:otrs:otrs:2.4.1
-
cpe:2.3:a:otrs:otrs:2.4.2
-
cpe:2.3:a:otrs:otrs:2.4.3
-
cpe:2.3:a:otrs:otrs:2.4.4
-
cpe:2.3:a:otrs:otrs:2.4.5
-
cpe:2.3:a:otrs:otrs:2.4.6
-
cpe:2.3:a:otrs:otrs:2.4.7
-
cpe:2.3:a:otrs:otrs:2.4.8