Arbitrary Web Script Injection via JavaScript in HTML E-mail in OTRS 2.4.x before 2.4.9

Arbitrary Web Script Injection via JavaScript in HTML E-mail in OTRS 2.4.x before 2.4.9

CVE-2010-4071 · LOW Severity

AV:N/AC:H/AU:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail.

Learn more about our Web App Pen Testing.