Vulnerabilities > Otrs > Otrs > 8.0.18
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-21 | CVE-2022-0475 | Cross-site Scripting vulnerability in Otrs Malicious translator is able to inject JavaScript code in few translatable strings (where HTML is allowed). | 3.5 |
| 2022-03-21 | CVE-2022-1004 | Information Exposure vulnerability in Otrs Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled. | 4.0 |