Vulnerabilities > Otrs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-27 | CVE-2020-1769 | In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. | 4.3 |
| 2020-03-19 | CVE-2019-16375 | Cross-site Scripting vulnerability in Otrs An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. | 5.4 |
| 2020-03-10 | CVE-2019-13457 | Information Exposure vulnerability in Otrs An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. | 4.3 |
| 2020-03-10 | CVE-2019-10065 | Unspecified vulnerability in Otrs An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. | 4.3 |
| 2020-02-21 | CVE-2013-4088 | Information Exposure vulnerability in Otrs Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. | 6.5 |
| 2020-02-21 | CVE-2013-3551 | Information Exposure vulnerability in Otrs Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. | 6.5 |
| 2020-02-12 | CVE-2013-2637 | Cross-site Scripting vulnerability in multiple products A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code. | 6.1 |
| 2020-02-07 | CVE-2020-1768 | Insufficient Session Expiration vulnerability in Otrs The external frontend system uses numerous background calls to the backend. | 5.4 |
| 2020-01-10 | CVE-2020-1767 | Agent A is able to save a draft (i.e. | 4.3 |
| 2020-01-10 | CVE-2020-1766 | Cross-site Scripting vulnerability in multiple products Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. | 6.1 |