This host is installed with OTRS (Open Ticket Request System) or OTRS:ITSM and is prone to HTML injection vulnerability.

Successful exploitation will allow remote attackers to inject arbitrary web script or HTML via an e-mail message body. Impact Level: Application

Upgrade to OTRS (Open Ticket Request System) version 2.4.13, 3.0.15 and 3.1.9 or later, and OTRS::ITSM version 3.1.6, 3.0.6 and 2.1.5 For updates refer to http://www.otrs.com/en/ or Apply patch from the vendor advisory link http://otrs.org/advisory/OSA-2012-01-en/

An error exists in application which fails to properly sanitize user-supplied input before using it

OTRS (Open Ticket Request System) version 2.4.x up to and including 2.4.12, 3.0.x up to and including 3.0.14 and 3.1.x up to and including 3.1.8 OTRS::ITSM 3.1.0 up to and including 3.1.5, 3.0.0 up to and including 3.0.5 and 2.1.0 up to and including 2.1.4

Get the installed version and location of OTRS with the help of detect NVT and check the OTRS and OTRS:ITSM version is vulnerable or not.

• http://osvdb.org/84762
• http://otrs.org/advisory/OSA-2012-01-en/
• http://www.exploit-db.com/exploits/20359/
• http://www.securityfocus.com/bid/54890

---

Updated on 2015-03-25