This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
OTRS Security Advisory reports:
- Multiple Cross Site Scripting issues: Missing HTML quoting allows
authenticated agents or customers to inject HTML tags. This
vulnerability allows an attacker to inject script code into the OTRS
web-interface which will be loaded and executed in the browsers of
- Possible Denial of Service Attack: Perl's regular expressions
consume 100% CPU time on the server if an agent or customer views an
affected article. To exploit this vulnerability the malicious user
needs to send extremely large HTML emails to your system address.
AgentTicketZoom is vulnerable to XSS attacks from HTML e-mails:
Whenever a customer sends an HTML e-mail and RichText is enabled in
agent interface that the agent himself could do.
Most relevant is that this type of exploit can be used in such a way
that the agent won't even detect he is being exploited.
Update the affected package.
Risk factor: Low / CVSS Base Score: 3.5