Vulnerabilities > Otrs > FAQ > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-22 | CVE-2021-21438 | Incorrect Default Permissions vulnerability in Otrs FAQ and Otrs Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). | 4.0 |
| 2020-02-12 | CVE-2013-2637 | Cross-site Scripting vulnerability in multiple products A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code. | 4.3 |
| 2019-11-27 | CVE-2013-2625 | Improper Privilege Management vulnerability in multiple products An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. | 6.4 |