Vulnerabilities > Otrs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-12 | CVE-2017-9324 | Improper Privilege Management vulnerability in multiple products In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. | 8.8 |
| 2017-05-29 | CVE-2017-9299 | Cross-site Scripting vulnerability in Otrs 3.3.9 Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. | 6.1 |
| 2017-02-17 | CVE-2016-9139 | Cross-site Scripting vulnerability in Otrs Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment. | 6.1 |
| 2016-09-17 | CVE-2016-5843 | SQL Injection vulnerability in Otrs FAQ Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters. | 9.4 |