Vulnerabilities > Otrs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-24 | CVE-2023-38060 | Injection vulnerability in Otrs Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | 8.8 |
| 2023-05-08 | CVE-2023-2534 | Incorrect Authorization vulnerability in Otrs Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. | 8.1 |
| 2023-04-16 | CVE-2018-17883 | Cross-site Scripting vulnerability in Otrs An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. | 6.1 |
| 2023-03-20 | CVE-2023-1248 | Cross-site Scripting vulnerability in Otrs Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS).This issue affects OTRS: from 7.0.X before 7.0.42; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | 6.1 |
| 2023-03-20 | CVE-2023-1250 | Code Injection vulnerability in Otrs Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code. | 7.8 |
| 2022-12-19 | CVE-2022-4427 | SQL Injection vulnerability in Otrs Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | 9.8 |
| 2022-10-17 | CVE-2022-39052 | Infinite Loop vulnerability in Otrs An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system | 6.5 |
| 2022-10-17 | CVE-2022-3501 | Missing Authorization vulnerability in Otrs Article template contents with sensitive data could be accessed from agents without permissions. | 7.5 |
| 2022-09-05 | CVE-2022-39051 | Improper Control of Dynamically-Managed Code Resources vulnerability in Otrs Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package | 8.8 |
| 2022-06-13 | CVE-2022-32739 | Unspecified vulnerability in Otrs Calendar Resource Planning and Otrs When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number. | 5.0 |