Vulnerabilities > Otrs > Otrs > 2.3.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-03-11 | CVE-2011-0456 | OS Command Injection vulnerability in Otrs webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability." | 7.5 |
| 2010-09-20 | CVE-2010-3476 | Improper Input Validation vulnerability in Otrs Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080. | 5.0 |
| 2010-09-20 | CVE-2010-2080 | Cross-Site Scripting vulnerability in Otrs Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2010-02-09 | CVE-2010-0438 | SQL Injection vulnerability in Otrs Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |