Arbitrary Web Script Injection via JavaScript in HTML E-mail in OTRS 2.4.x before 2.4.9

CVE-2010-4071

Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail.

Learn more about our Web App Pen Testing.