Vulnerabilities > Otrs > Otrs > 7.0.27
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-26 | CVE-2021-36091 | Incorrect Authorization vulnerability in Otrs Agents are able to list appointments in the calendars without required permissions. | 4.3 |
2021-07-26 | CVE-2021-36092 | Cross-site Scripting vulnerability in Otrs It's possible to create an email which contains specially crafted link and it can be used to perform XSS attack. | 4.3 |
2021-06-14 | CVE-2021-21439 | Improper Handling of Exceptional Conditions vulnerability in Otrs DoS attack can be performed when an email contains specially designed URL in the body. | 6.5 |