Vulnerabilities > Otrs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-21 | CVE-2013-4088 | Information Exposure vulnerability in Otrs Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. | 4.0 |
| 2020-02-21 | CVE-2013-3551 | Information Exposure vulnerability in Otrs and Otrs Itsm Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. | 4.0 |
| 2020-02-12 | CVE-2013-2637 | Cross-site Scripting vulnerability in multiple products A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code. | 4.3 |
| 2020-02-07 | CVE-2020-1768 | Insufficient Session Expiration vulnerability in Otrs The external frontend system uses numerous background calls to the backend. | 5.5 |
| 2020-01-10 | CVE-2020-1767 | Agent A is able to save a draft (i.e. | 4.3 |
| 2020-01-10 | CVE-2020-1766 | Cross-site Scripting vulnerability in multiple products Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. | 6.1 |
| 2020-01-10 | CVE-2020-1765 | An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. | 5.3 |
| 2020-01-06 | CVE-2019-18179 | An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. | 4.3 |
| 2019-12-05 | CVE-2019-18180 | Infinite Loop vulnerability in Otrs Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. | 7.5 |
| 2019-11-27 | CVE-2013-2625 | Improper Privilege Management vulnerability in multiple products An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. | 6.4 |