{"id":"DEBIAN-CVE-2012-4600","details":"Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags.","modified":"2026-04-28T20:12:05.523053Z","published":"2012-08-31T14:55:01.293Z","upstream":["CVE-2012-4600"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2012-4600"}],"affected":[{"package":{"name":"otrs2","ecosystem":"Debian:11","purl":"pkg:deb/debian/otrs2?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.7+dfsg1-5"}]}],"versions":["2.0.4p01-10","2.0.4p01-11","2.0.4p01-12","2.0.4p01-13","2.0.4p01-14","2.0.4p01-14.1","2.0.4p01-15","2.0.4p01-16","2.0.4p01-17","2.0.4p01-18","2.0.4p01-6","2.0.4p01-7","2.0.4p01-8","2.0.4p01-9","2.0.99beta1-1","2.0.99beta1-2","2.1.1-1","2.1.3-1","2.1.4-1","2.1.4-2","2.1.5-1","2.1.5-2","2.1.5-3","2.1.6-1","2.1.7-1","2.1.7-2","2.2.0~beta2-1","2.2.0~beta3-1","2.2.1-1","2.2.2-1","2.2.3-1","2.2.4-1","2.2.5-1","2.2.5-2","2.2.6-1","2.2.7-1","2.2.7-2","2.2.7-2lenny1","2.2.7-2lenny2","2.2.7-2lenny3","2.2.7-3","2.3.2-1","2.3.2-2","2.3.3-1","2.3.4-1","2.3.4-2","2.3.4-3","2.3.4-4","2.3.4-5","2.3.4-6","2.3.4-7","2.4.10+dfsg1-1","2.4.10+dfsg1-2","2.4.10+dfsg1-3","2.4.5-1","2.4.5-2","2.4.5-3","2.4.5-4","2.4.5-5","2.4.6-1","2.4.6-2","2.4.7+dfsg1-1","2.4.7-1","2.4.7-2","2.4.7-3","2.4.7-4","2.4.7-5","2.4.7-6","2.4.8+dfsg1-1","2.4.9+dfsg1-1","2.4.9+dfsg1-2","2.4.9+dfsg1-3","2.4.9+dfsg1-3+squeeze1","2.4.9+dfsg1-3+squeeze3","2.4.9+dfsg1-3+squeeze4","2.4.9+dfsg1-3+squeeze5","2.4.9+dfsg1-4","2.4.9+dfsg1-5","3.0.10+dfsg1-1","3.0.10+dfsg1-2","3.0.11+dfsg1-1","3.0.8+dfsg1-1","3.0.9+dfsg1-1","3.1.0~beta4+dfsg1-1","3.1.0~beta5+dfsg1-1","3.1.0~rc1+dfsg1-1","3.1.1+dfsg1-1","3.1.1+dfsg1-2","3.1.2+dfsg1-1","3.1.2+dfsg1-2","3.1.2+dfsg1-3","3.1.3+dfsg1-1","3.1.3+dfsg1-2","3.1.4+dfsg1-1","3.1.5+dfsg1-1","3.1.5+dfsg1-2","3.1.5+dfsg1-3","3.1.6+dfsg1-1","3.1.7+dfsg1-1","3.1.7+dfsg1-2","3.1.7+dfsg1-3","3.1.7+dfsg1-4"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-4600.json"}}],"schema_version":"1.7.5"}