This host is running OTRS (Open Ticket Request System) and is prone to html injection vulnerability.

Successful exploitation will allow attackers to steal the victim's cookie-based authentication credentials. Impact Level: Application

Upgrade to OTRS version 3.1.20 or 3.2.15 or 3.3.5 or later, For updates refer to http://www.otrs.com

An error exists in OTRS core system which fails to properly sanitize user-supplied input before using it in dynamically generated content

Open Ticket Request System (OTRS) version 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5

Get the installed version of OTRS with the help of detect NVT and check the version is vulnerable or not.

• http://secunia.com/advisories/57018
• https://www.otrs.com/security-advisory-2014-03-xss-issue

---

Updated on 2015-03-25