CVE-2012-4600
EPSS 6.2%
Description
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags.
How to fix CVE-2012-4600
To remediate CVE-2012-4600, upgrade the affected package to the fixed version listed below.
- Debian/otrs2: upgrade to 3.1.7+dfsg1-5 or later
Is CVE-2012-4600 being exploited?
Moderate: EPSS is 6.2%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 3.1.7+dfsg1-5