CVE-2010-4071
published 2011-01-20CVE-2010-4071: Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary…
PriorityP411low2.6CVSS 2.0
AVNACHAuNCNIPAN
EPSS
1.89%
77.0th percentile
Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | otrs2 | < otrs2 2.4.9+dfsg1-1 (bullseye) | otrs2 2.4.9+dfsg1-1 (bullseye) |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
| otrs | otrs | — | — |
CVSS provenance
nvdv2.02.6LOWAV:N/AC:H/Au:N/C:N/I:P/A:N
osv2.6LOW
vendor_debian2.6LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2010-4071: otrs2 - Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before...
vendor_debian·2010·CVSS 2.6
CVE-2010-4071 [LOW] CVE-2010-4071: otrs2 - Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before...
Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail.
Scope: local
bullseye: resolved (fixed in 2.4.9+dfsg1-1)
GHSA
GHSA-2fww-mhh6-5mxr: Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2
ghsa_unreviewed·2022-05-17
CVE-2010-4071 [LOW] CWE-79 GHSA-2fww-mhh6-5mxr: Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2
Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail.
OSV
CVE-2010-4071: Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2
osv·2011-01-20·CVSS 2.6
CVE-2010-4071 [LOW] CVE-2010-4071: Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2
Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://bugs.gentoo.org/342687http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.htmlhttp://otrs.org/advisory/OSA-2010-03-en/http://secunia.com/advisories/41978http://www.osvdb.org/68882http://www.vuxml.org/freebsd/96e776c7-e75c-11df-8f26-00151735203a.htmlhttp://bugs.gentoo.org/342687http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.htmlhttp://otrs.org/advisory/OSA-2010-03-en/http://secunia.com/advisories/41978http://www.osvdb.org/68882http://www.vuxml.org/freebsd/96e776c7-e75c-11df-8f26-00151735203a.html
2011-01-20
Published