This vulnerability is fixed in OTRS 2.4.15, 3.0.17 and 3.1.11, and it is recommended to upgrade to one of these versions.
Fixed OTRS releases can be found at: http://www.otrs.com/open-source/community-news/releases-notes/
You can also replace the following files with fixed versions, which are available at http://source.otrs.org/
For OTRS versions older than 3.0.12, you also need to update AgentTicketZoom.pm. This is because of bugfix #7005 in 3.0.12, where both files (.pm and .dtl) were affected.
So please update the .pm file to: AgentTicketZoom.pm 184.108.40.206, which is available at http://source.otrs.org/viewvc.cgi/otrs/Kernel/Module/AgentTicketZoom.pm?revision=220.127.116.11&view=markup&pathrev=rel-3_0
However, to avoid unwanted side effects, we recommend a complete update.
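The version rules above can be checked mechanically. The following sketch is an added example, not code from OTRS or from this advisory. It assumes the installed version can be read from a `RELEASE` file containing a `VERSION = x.y.z` line; the function names and the sample text are hypothetical and constructed for illustration.

```python
import re

# Fixed release per branch, taken from the advisory text above.
FIXED = {(2, 4): (2, 4, 15), (3, 0): (3, 0, 17), (3, 1): (3, 1, 11)}
# Versions older than this also need AgentTicketZoom.pm when patching by file.
# The cutoff is applied literally, as the advisory words it.
PM_CUTOFF = (3, 0, 12)

# Constructed sample input (assumed RELEASE file layout).
SAMPLE_RELEASE = "PRODUCT = OTRS\nVERSION = 3.0.11\n"


def parse_release(text):
    """Return (major, minor, patch) from a 'VERSION = x.y.z' line."""
    m = re.search(r"^\s*VERSION\s*=\s*(\d+)\.(\d+)\.(\d+)", text, re.MULTILINE)
    if not m:
        raise ValueError("no 'VERSION = x.y.z' line found")
    return tuple(int(part) for part in m.groups())


def assess(version):
    """Map an installed version to the action the advisory asks for."""
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # The advisory names fixes only for 2.4, 3.0 and 3.1; make no claim
        # about any other branch.
        return {"status": "branch-not-listed", "upgrade_to": None,
                "also_patch_pm": False}
    if version >= fixed:
        return {"status": "fixed", "upgrade_to": None, "also_patch_pm": False}
    return {
        "status": "vulnerable",
        "upgrade_to": ".".join(str(n) for n in fixed),
        # Only relevant if files are replaced instead of doing a full update.
        "also_patch_pm": version < PM_CUTOFF,
    }


if __name__ == "__main__":
    installed = parse_release(SAMPLE_RELEASE)
    print(installed, assess(installed))
```

A result of `branch-not-listed` means the advisory text gives no fixed release for that branch, not that the installation is safe.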
pub 2048R/9C227C6B 2011-03-21 [expires at: 2014-03-20]