Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-4071

Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail.

Related bugs and status

CVE-2010-4071 (Candidate) is related to these bugs:

Bug #687953: SRU otrs in 10.04 LTS

		In	Importance	Status
687953	SRU otrs in 10.04 LTS	otrs2 (Ubuntu)	Medium	Fix Released
687953	SRU otrs in 10.04 LTS	otrs2 (Ubuntu Lucid)	Undecided	Won't Fix
687953	SRU otrs in 10.04 LTS	otrs2 (Ubuntu Maverick)	Undecided	Won't Fix
687953	SRU otrs in 10.04 LTS	otrs2 (Ubuntu Natty)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://bugs.gentoo.org...
MISC: http://www.vuxml.org/f...
CONFIRM: http://otrs.org/adviso...
SUSE: SUSE-SR:2010:024
OSVDB: 68882
SECUNIA: 41978