Vulnerabilities > Otrs > Otrs > 6.0.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-05 | CVE-2022-39051 | Improper Control of Dynamically-Managed Code Resources vulnerability in Otrs Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package | 8.8 |
| 2022-03-21 | CVE-2021-36100 | OS Command Injection vulnerability in Otrs Otrs, Otrs Itsm and Otrs Storm Specially crafted string in OTRS system configuration can allow the execution of any system command. | 8.8 |
| 2021-09-06 | CVE-2021-36096 | Cleartext Storage of Sensitive Information vulnerability in Otrs Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. | 4.0 |
| 2021-09-06 | CVE-2021-36093 | Unspecified vulnerability in Otrs It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. | 5.0 |
| 2021-09-06 | CVE-2021-36094 | Cross-site Scripting vulnerability in Otrs It's possible to craft a request for appointment edit screen, which could lead to the XSS attack. | 3.5 |
| 2021-09-06 | CVE-2021-36095 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Otrs Malicious attacker is able to find out valid user logins by using the "lost password" feature. | 5.0 |
| 2021-07-26 | CVE-2021-21443 | Unspecified vulnerability in Otrs Agents are able to list customer user emails without required permissions in the bulk action screen. | 4.3 |
| 2021-07-26 | CVE-2021-36091 | Incorrect Authorization vulnerability in Otrs Agents are able to list appointments in the calendars without required permissions. | 4.3 |
| 2021-07-26 | CVE-2021-36092 | Cross-site Scripting vulnerability in Otrs It's possible to create an email which contains specially crafted link and it can be used to perform XSS attack. | 4.3 |
| 2021-06-16 | CVE-2021-21441 | Cross-site Scripting vulnerability in Otrs There is a XSS vulnerability in the ticket overview screens. | 7.5 |