CVE-2012-4751
EPSS 5.6%
Description
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element.
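The description comes down to a scheme check that compares the raw attribute value, while a browser's URL parser discards leading whitespace before reading the scheme. The following is an added example, not OTRS code: a Python audit of an HTML mail body that normalises each URL attribute the way a browser does before checking its scheme. The names url_scheme, audit and SAMPLE_BODY are hypothetical and the sample body is constructed.

```python
import re
from html.parser import HTMLParser

# Attributes whose value a browser treats as a URL to load or navigate to.
URL_ATTRS = {"src", "href", "action", "formaction"}
C0_AND_SPACE = "".join(chr(c) for c in range(0x21))  # U+0000..U+0020

def naive_is_script_url(value):
    """Weak check of the kind the CVE describes: compares the raw value."""
    return value.lower().startswith("javascript:")

def url_scheme(value):
    """Return the scheme as a browser's URL parser reads it, or None."""
    # Browsers strip leading/trailing C0 controls and spaces, and drop
    # tab/CR/LF, before looking for the scheme.
    cleaned = re.sub(r"[\t\r\n]", "", value.strip(C0_AND_SPACE))
    match = re.match(r"([A-Za-z][A-Za-z0-9+.\-]*):", cleaned)
    return match.group(1).lower() if match else None

class ScriptUrlAuditor(HTMLParser):
    """Collects (tag, attribute) pairs whose URL resolves to javascript:."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases names and decodes character references.
        for name, value in attrs:
            if name in URL_ATTRS and value and url_scheme(value) == "javascript":
                self.findings.append((tag, name))

def audit(body):
    auditor = ScriptUrlAuditor()
    auditor.feed(body)
    auditor.close()
    return auditor.findings

# Constructed sample mail body (not taken from a real message).
SAMPLE_BODY = (
    '<p>Ticket update</p>'
    '<iframe src=" javascript:void(0)"></iframe>'
    '<img src="cid:logo@example.invalid">'
    '<a href="https://example.invalid/ticket/1">view</a>'
)

if __name__ == "__main__":
    for tag, attr in audit(SAMPLE_BODY):
        print(f"script URL in <{tag} {attr}=...>")
```

A mail renderer is safer with an allowlist of schemes than with this single-scheme check; the block is narrowed to the case this CVE names.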
How to fix CVE-2012-4751
To remediate CVE-2012-4751, upgrade the affected package to a fixed version below.
- Debian/otrs2—upgrade to 3.1.7+dfsg1-6 or later
Is CVE-2012-4751 being exploited?
Moderate — EPSS is 5.6%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- Debian/otrs2: from 0, < 3.1.7+dfsg1-6