Vulnerabilities > Otrs

DATE CVE VULNERABILITY TITLE RISK
2019-03-13 CVE-2019-9751 Cross-site Scripting vulnerability in Otrs
An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5.
network
otrs CWE-79
3.5
3.5
2019-03-13 CVE-2018-20800 Improper Input Validation vulnerability in Otrs 5.0.31/6.0.13
An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13.
network
low complexity
otrs CWE-20
5.5
5.5
2018-11-11 CVE-2018-19143 Forced Browsing vulnerability in multiple products
Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled.
network
low complexity
otrs debian CWE-425
5.5
5.5
2018-11-11 CVE-2018-19142 Cross-site Scripting vulnerability in Otrs Open Ticket Request System
Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL.
network
otrs CWE-79
3.5
3.5
2018-11-11 CVE-2018-19141 Cross-site Scripting vulnerability in multiple products
Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled.
network
otrs debian CWE-79
3.5
3.5
2018-09-28 CVE-2018-16587 Improper Input Validation vulnerability in multiple products
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system.
network
otrs debian CWE-20
5.8
5.8
2018-09-28 CVE-2018-16586 In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system.
network
otrs debian
4.3
4.3
2018-08-04 CVE-2018-14593 An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30.
network
low complexity
otrs debian
6.5
6.5
2018-06-06 CVE-2018-10198 Information Exposure vulnerability in Otrs
An issue was discovered in OTRS 6.0.x before 6.0.7.
network
low complexity
otrs CWE-200
4.0
4.0
2018-03-04 CVE-2018-7567 Unrestricted Upload of File with Dangerous Type vulnerability in Otrs
In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation.
network
low complexity
otrs CWE-434
7.2
7.2