Vulnerabilities > Otrs > Otrs > 8.0.16
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-21 | CVE-2022-0475 | Cross-site Scripting vulnerability in Otrs Malicious translator is able to inject JavaScript code in few translatable strings (where HTML is allowed). | 3.5 |
| 2022-03-21 | CVE-2022-1004 | Information Exposure vulnerability in Otrs Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled. | 4.0 |
| 2021-10-18 | CVE-2021-36097 | Unspecified vulnerability in Otrs Agents are able to lock the ticket without the "Owner" permission. | 4.3 |
| 2021-09-06 | CVE-2021-36096 | Cleartext Storage of Sensitive Information vulnerability in Otrs Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. | 4.0 |
| 2021-09-06 | CVE-2021-36093 | Unspecified vulnerability in Otrs It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. | 5.0 |
| 2021-09-06 | CVE-2021-36094 | Cross-site Scripting vulnerability in Otrs It's possible to craft a request for appointment edit screen, which could lead to the XSS attack. | 3.5 |
| 2021-09-06 | CVE-2021-36095 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Otrs Malicious attacker is able to find out valid user logins by using the "lost password" feature. | 5.0 |
| 2021-06-16 | CVE-2021-21441 | Cross-site Scripting vulnerability in Otrs There is a XSS vulnerability in the ticket overview screens. | 7.5 |