CVE-2010-4760
https://notcve.org/view.php?id=CVE-2010-4760
Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket.
• http://bugs.otrs.org/show_bug.cgi?id=5975
• http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2010-4071
https://notcve.org/view.php?id=CVE-2010-4071
Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail.
• http://bugs.gentoo.org/342687
• http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
• http://otrs.org/advisory/OSA-2010-03-en
• http://secunia.com/advisories/41978
• http://www.osvdb.org/68882
• http://www.vuxml.org/freebsd/96e776c7-e75c-11df-8f26-00151735203a.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')