Vulnerabilities > Otrs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-24 | CVE-2023-38057 | Cross-site Scripting vulnerability in Otrs Survey An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. | 5.4 |
| 2023-07-24 | CVE-2023-38058 | Incorrect Authorization vulnerability in Otrs An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacker to to perform a move of an ticket without the needed permission. This issue affects OTRS: from 8.0.X before 8.0.35. | 4.3 |
| 2023-07-24 | CVE-2023-38060 | Injection vulnerability in Otrs Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | 8.8 |
| 2023-05-08 | CVE-2023-2534 | Incorrect Authorization vulnerability in Otrs Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. | 8.1 |
| 2023-04-16 | CVE-2018-17883 | Cross-site Scripting vulnerability in Otrs An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. | 6.1 |
| 2023-03-20 | CVE-2023-1248 | Cross-site Scripting vulnerability in Otrs Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS).This issue affects OTRS: from 7.0.X before 7.0.42; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | 6.1 |
| 2023-03-20 | CVE-2023-1250 | Code Injection vulnerability in Otrs Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code. | 7.8 |
| 2022-12-19 | CVE-2022-4427 | SQL Injection vulnerability in Otrs Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | 9.8 |
| 2022-10-17 | CVE-2022-39052 | Infinite Loop vulnerability in Otrs An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system | 6.5 |
| 2022-10-17 | CVE-2022-3501 | Missing Authorization vulnerability in Otrs Article template contents with sensitive data could be accessed from agents without permissions. | 7.5 |