Mandriva Linux Security Advisory 2013-112 - Multiple cross-site scripting vulnerabilities in Open Ticket Request System Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with expression property in the STYLE attribute of an arbitrary element or UTF-7 text in an HTTP-EQUIV=CONTENT-TYPE META element. Cross-site scripting vulnerability in Open Ticket Request System Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags. Cross-site scripting vulnerability in Open Ticket Request System Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or URL in the SRC attribute of an element, as demonstrated by an IFRAME element.
ef99ff1195e6fef97371a1c9efaee80a50ab7b45cb1d0b8ea55436dc8f49df6d
OTRS Open Technology Real Services versions 3.1.8 and 3.1.9 suffer from a cross site scripting vulnerability.
44e86d4c3e5f7756c4f39b00250b4d9b1d30643d128c323b8f854c7143433d39