This host is running Open Ticket Request System (OTRS) and is prone to Cross-site scripting vulnerability.
Successful exploitation will allow attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when malicious data is being viewed. Impact Level: Application
Upgrade to Open Ticket Request System (OTRS) version 2.4.9 or later For updates refer to http://otrs.org/download/
The flaw is due to input passed via HTML e-mails is not properly sanitised in AgentTicketZoom before being displayed to the user.
Open Ticket Request System (OTRS) version 2.4.x before 2.4.9.
Get the installed version of OTRS with the help of detect NVT and check the version is vulnerable or not.
- Firefox Information Disclosure Vulnerability Jan09 (Linux)
- arachni (NASL wrapper)
- Bugzilla 'Install/Filesystem.pm' Information Disclosure Vulnerability
- Alpha Networks ADSL2/2+ Wireless Router version ASL-26555 Password Information Disclosure Vulnerability
- NetSaro Enterprise Messenger Cross Site Scripting and HTML Injection Vulnerabilities