Vulnerabilities > Otrs > FAQ > 2.0.7

DATE CVE VULNERABILITY TITLE RISK
2020-02-12 CVE-2013-2637 Cross-site Scripting vulnerability in multiple products
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.
network
otrs opensuse CWE-79
4.3
4.3
2019-11-27 CVE-2013-2625 Improper Privilege Management vulnerability in multiple products
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8.
network
low complexity
otrs debian opensuse CWE-269
6.4
6.4
2016-09-17 CVE-2016-5843 SQL Injection vulnerability in Otrs FAQ
Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters.
network
low complexity
otrs CWE-89
critical
 9.0
9.0