Vulnerabilities > Otrs
| Date | CVE | Title | Description | Score |
|---|---|---|---|---|
| 2023-05-08 | CVE-2023-2534 | Incorrect Authorization vulnerability in Otrs | Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any attacker authenticated as an Agent to track user behaviour and to gain live insight into overall system usage. | 8.1 |
| 2023-04-16 | CVE-2018-17883 | Cross-site Scripting vulnerability in Otrs | An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. | 6.1 |
| 2023-03-20 | CVE-2023-1248 | Cross-site Scripting vulnerability in Otrs | Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS). This issue affects OTRS: from 7.0.X before 7.0.42; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | 6.1 |
| 2023-03-20 | CVE-2023-1250 | Code Injection vulnerability in Otrs | Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code. | 7.8 |
| 2022-12-19 | CVE-2022-4427 | Improper Input Validation vulnerability in Otrs 7.0.40/8.0.28 | Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice. This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | 9.8 |
| 2022-10-17 | CVE-2022-39052 | Infinite Loop vulnerability in Otrs | An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system. | 6.5 |
| 2022-10-17 | CVE-2022-3501 | Missing Authorization vulnerability in Otrs | Article template contents with sensitive data could be accessed by agents without permissions. | 7.5 |
| 2022-09-05 | CVE-2022-39051 | Improper Control of Dynamically-Managed Code Resources vulnerability in Otrs | An attacker might be able to execute malicious Perl code in the Template toolkit by having the admin install an unverified third-party package. | 8.8 |
| 2022-06-13 | CVE-2022-32739 | Unspecified vulnerability in Otrs Calendar Resource Planning and Otrs | When the Secure::DisableBanner system configuration has been disabled and an agent shares his calendar via a public URL, the received ICS file contains the OTRS release number. | 5.0 |
| 2022-06-13 | CVE-2022-32740 | Unspecified vulnerability in Otrs | A reply to a forwarded email article by a 3rd party could unintentionally expose the email content to the ticket customer under certain circumstances. | 4.3 |