CVE-2010-4071 — Cross-site Scripting in Otrs

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

2.6LOWNVD

EPSS

0.5%

top 36.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Otrs2 Otrs

Timeline

PublishedJan 20

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/otrs2< otrs2 2.4.9+dfsg1-1 (bullseye)

▶NVDotrs/otrs8 versions+7

🔴Vulnerability Details

GHSA

GHSA-2fww-mhh6-5mxr: Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2↗2022-05-17

▶

OSV

CVE-2010-4071: Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2↗2011-01-20

▶

📋Vendor Advisories

Debian

CVE-2010-4071: otrs2 - Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before...↗2010

▶