2019-07-08 12:23:59
mitre
PUBLISHED
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customers browser in the context of the OTRS customer panel application.