Vulnerabilities > Otrs > Otrs > 6.0.24
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-10 | CVE-2020-1766 | Cross-site Scripting vulnerability in multiple products Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. | 6.1 |
| 2020-01-10 | CVE-2020-1765 | An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. | 5.3 |
| 2019-12-05 | CVE-2019-18180 | Infinite Loop vulnerability in Otrs Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. | 7.5 |