ZSA-2020-07
JavaScript can be executed with a prepared link to the customer address book
Problem
An article can be prepared with a link to the customer address book which will execute malicious JavaScript code.
Solution
Upgrade to the latest available OTRS patch level (https://ftp.otrs.org/pub/otrs/).
Workaround
As a workaround, you can replace the affected files (see below for download).
ATTENTION: Please check if any of these files have been changed in your OTRS installation by additional add-ons. In that case you MUST NOT simply overwrite the files with the ones provided below. Please contact us instead.