Vulnerabilities > Otrs > Otrs
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-19 | CVE-2019-16375 | Cross-site Scripting vulnerability in Otrs An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. | 5.4 |
2020-03-10 | CVE-2019-13457 | Information Exposure vulnerability in Otrs An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. | 4.3 |
2020-03-10 | CVE-2019-10065 | Unspecified vulnerability in Otrs An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. | 4.0 |
2020-02-21 | CVE-2013-4088 | Information Exposure vulnerability in Otrs Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. | 4.0 |
2020-02-21 | CVE-2013-3551 | Information Exposure vulnerability in Otrs and Otrs Itsm Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. | 4.0 |
2020-02-07 | CVE-2020-1768 | Insufficient Session Expiration vulnerability in Otrs The external frontend system uses numerous background calls to the backend. | 5.5 |
2020-01-10 | CVE-2020-1767 | Agent A is able to save a draft (i.e. | 4.3 |
2020-01-10 | CVE-2020-1766 | Cross-site Scripting vulnerability in multiple products Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. | 6.1 |
2020-01-10 | CVE-2020-1765 | An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. | 5.3 |
2020-01-06 | CVE-2019-18179 | An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. | 4.3 |