Vulnerabilities > Otrs > Otrs

DATE CVE VULNERABILITY TITLE RISK
2019-05-22 CVE-2019-10067 Cross-site Scripting vulnerability in Otrs
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17.
network
low complexity
otrs CWE-79
5.4
2019-05-22 CVE-2019-10066 Cross-site Scripting vulnerability in Otrs
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12.
network
otrs CWE-79
3.5
2019-03-13 CVE-2019-9752 Cross-site Scripting vulnerability in multiple products
An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4.
network
otrs opensuse CWE-79
3.5
2019-03-13 CVE-2019-9751 Cross-site Scripting vulnerability in Otrs
An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5.
network
otrs CWE-79
3.5
2019-03-13 CVE-2018-20800 Improper Input Validation vulnerability in Otrs 5.0.31/6.0.13
An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13.
network
low complexity
otrs CWE-20
5.5
2018-06-06 CVE-2018-10198 Information Exposure vulnerability in Otrs
An issue was discovered in OTRS 6.0.x before 6.0.7.
network
low complexity
otrs CWE-200
4.0
2018-03-04 CVE-2018-7567 Unrestricted Upload of File with Dangerous Type vulnerability in Otrs
In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation.
network
low complexity
otrs CWE-434
7.2
2017-12-20 CVE-2017-17476 Information Exposure vulnerability in multiple products
Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.
network
otrs debian CWE-200
6.8
2017-12-08 CVE-2017-16854 Information Exposure vulnerability in multiple products
In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets.
network
low complexity
otrs debian CWE-200
4.0
2017-12-08 CVE-2017-16921 OS Command Injection vulnerability in multiple products
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.
network
low complexity
otrs debian CWE-78
critical
9.0