MEDIUM
Otrs
CVE published 2017-02-17
CVE-2016-9139
CVE-2016-9139 is a cross-site scripting (XSS) issue in Open Ticket Request System (OTRS) that can be triggered with a crafted attachment. The vulnerability affects OTRS 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14. Because successful exploitation can inject arbitrary web script or HTML, organizations using OTRS to handle untrusted attachments should treat this as a real web applicatio [truncated]