Vulnerabilities > Otrs > Otrs > 7.0.27

DATE CVE VULNERABILITY TITLE RISK
2021-07-26 CVE-2021-36091 Incorrect Authorization vulnerability in Otrs
Agents are able to list appointments in the calendars without required permissions.
network
low complexity
otrs CWE-863
4.3
4.3
2021-07-26 CVE-2021-36092 Cross-site Scripting vulnerability in Otrs
It's possible to create an email which contains specially crafted link and it can be used to perform XSS attack.
network
otrs CWE-79
4.3
4.3
2021-06-14 CVE-2021-21439 Improper Handling of Exceptional Conditions vulnerability in Otrs
DoS attack can be performed when an email contains specially designed URL in the body.
network
low complexity
otrs CWE-755
6.5
6.5