From secunia at $URL: Description A vulnerability has been reported in OTRS Help Desk, which can be exploited by malicious people to conduct script insertion attacks. Input passed within HTML e-mail messages is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires that the victim user is running Firefox or Opera. The vulnerability is reported in versions prior to 2.4.14, 3.0.16, and 3.1.10. Solution Update to version 2.4.14, 3.0.16, or 3.1.10.
+ 03 Sep 2012; Patrick Lauer <patrick@gentoo.org> +otrs-3.1.10.ebuild, + -otrs-3.1.8.ebuild, -otrs-3.1.9.ebuild: + Bump for #433770 All older versions removed
Closed as noglsa
CVE-2012-4600 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4600): Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags.
