{
  "modified": "2025-04-11T00:51:21Z",
  "published": "2011-01-20T19:00:05Z",
  "id": "CVE-2010-4071",
  "details": "Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail.",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://otrs.org/advisory/OSA-2010-03-en/"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/41978"
    },
    {
      "type": "WEB",
      "url": "http://bugs.gentoo.org/342687"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/68882"
    },
    {
      "type": "WEB",
      "url": "http://www.vuxml.org/freebsd/96e776c7-e75c-11df-8f26-00151735203a.html"
    }
  ]
}