Vulnerabilities > Otrs > Otrs > 2.3.2

DATE CVE VULNERABILITY TITLE RISK
2010-09-20 CVE-2010-3476 Improper Input Validation vulnerability in Otrs
Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080.
network
low complexity
otrs CWE-20
5.0
5.0
2010-09-20 CVE-2010-2080 Cross-Site Scripting vulnerability in Otrs
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
otrs CWE-79
3.5
3.5
2010-02-09 CVE-2010-0438 SQL Injection vulnerability in Otrs
Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
otrs CWE-89
6.5
6.5