Vulnerabilities > Otrs > Otrs
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-05-22 | CVE-2019-10067 | Cross-site Scripting vulnerability in Otrs An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. | 5.4 |
2019-05-22 | CVE-2019-10066 | Cross-site Scripting vulnerability in Otrs An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. | 3.5 |
2019-03-13 | CVE-2019-9752 | Cross-site Scripting vulnerability in multiple products An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. | 3.5 |
2019-03-13 | CVE-2019-9751 | Cross-site Scripting vulnerability in Otrs An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5. | 3.5 |
2019-03-13 | CVE-2018-20800 | Improper Input Validation vulnerability in Otrs 5.0.31/6.0.13 An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. | 5.5 |
2018-06-06 | CVE-2018-10198 | Information Exposure vulnerability in Otrs An issue was discovered in OTRS 6.0.x before 6.0.7. | 4.0 |
2018-03-04 | CVE-2018-7567 | Unrestricted Upload of File with Dangerous Type vulnerability in Otrs In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation. | 7.2 |
2017-12-20 | CVE-2017-17476 | Information Exposure vulnerability in multiple products Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email. | 6.8 |
2017-12-08 | CVE-2017-16854 | Information Exposure vulnerability in multiple products In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets. | 4.0 |
2017-12-08 | CVE-2017-16921 | OS Command Injection vulnerability in multiple products In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user. | 9.0 |