Vulnerabilities > Otrs > Otrs > 6.0.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-16 | CVE-2023-38059 | Unspecified vulnerability in Otrs. The loading of external images is not blocked, even if configured, if the attacker uses a protocol-relative URL in the payload. | 5.3 |
2023-10-16 | CVE-2023-5421 | Cross-site Scripting vulnerability in Otrs. An attacker who is logged into OTRS as a user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediately after the data is saved. The issue only occurs if the configuration for AdminCustomerUser::UseAutoComplete was changed before. This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34. | 5.5 |
2023-10-16 | CVE-2023-5422 | Improper Certificate Validation vulnerability in Otrs. The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. | 9.1 |
2023-04-16 | CVE-2018-17883 | Cross-site Scripting vulnerability in Otrs. An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. | 6.1 |
2022-10-17 | CVE-2022-39052 | Infinite Loop vulnerability in Otrs. An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system. | 6.5 |
2022-09-05 | CVE-2022-39049 | Cross-site Scripting vulnerability in Otrs. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. | 4.8 |
2022-09-05 | CVE-2022-39050 | Cross-site Scripting vulnerability in Otrs. An attacker who is logged into OTRS as an admin user may manipulate the customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. | 4.8 |
2022-09-05 | CVE-2022-39051 | Improper Control of Dynamically-Managed Code Resources vulnerability in Otrs. An attacker might be able to execute malicious Perl code in the Template toolkit by having the admin install an unverified third-party package. | 8.8 |
2022-03-21 | CVE-2021-36100 | OS Command Injection vulnerability in Otrs Otrs, Otrs Itsm and Otrs Storm. A specially crafted string in the OTRS system configuration can allow the execution of any system command. | 8.8 |
2021-07-26 | CVE-2021-21440 | Unspecified vulnerability in Otrs. Generated Support Bundles contain private S/MIME and PGP keys if the containing folder is not hidden. | 6.5 |