CVE-2011-3199

Multiple cross-site scripting (XSS) vulnerabilities in Domain Technologie
Control (DTC) before 0.34.1 allow remote authenticated users to inject
arbitrary web script or HTML via the (1) message body of a support ticket
or unspecified vectors to the (2) DNS and (3) MX form, as demonstrated by
the “Domain root TXT record:” field.

Bugs

• <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637584&gt;