Vulnerabilities > Otrs > Otrs > 5.0.24

DATE CVE VULNERABILITY TITLE RISK
2019-03-13 CVE-2019-9752 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4.
network
low complexity
otrs opensuse CWE-79
5.4
5.4
2017-12-20 CVE-2017-17476 Information Exposure vulnerability in multiple products
Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.
network
low complexity
otrs debian CWE-200
8.8
8.8
2017-12-08 CVE-2017-16921 OS Command Injection vulnerability in multiple products
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.
network
low complexity
otrs debian CWE-78
8.8
8.8