CVE-2012-4600 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2012-4600 Interim 1 10 2023-12-08T02:48:42Z current 2021-05-30T13:06:27Z 2023-12-08T02:48:42Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2012-4600 Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed otrs-3.3.16-37.1 otrs-doc-3.3.16-37.1 otrs-itsm-3.3.14-37.1 otrs-3.3.16-37.1 as a component of openSUSE Tumbleweed otrs-doc-3.3.16-37.1 as a component of openSUSE Tumbleweed otrs-itsm-3.3.14-37.1 as a component of openSUSE Tumbleweed Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags. CVE-2012-4600 openSUSE Tumbleweed:otrs-3.3.16-37.1 openSUSE Tumbleweed:otrs-doc-3.3.16-37.1 openSUSE Tumbleweed:otrs-itsm-3.3.14-37.1 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N