Vulnerabilities > Otrs > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-16 | CVE-2021-21441 | Cross-site Scripting vulnerability in Otrs. There is an XSS vulnerability in the ticket overview screens. | 7.5 |
2020-03-27 | CVE-2020-1773 | Insufficient Entropy vulnerability in Otrs. An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users' session IDs, password reset tokens and automatically generated passwords. | 8.1 |
2020-03-27 | CVE-2020-1772 | It's possible to craft Lost Password requests with wildcards in the Token value, which allows an attacker to retrieve valid Token(s) generated by users who have already requested new passwords. | 7.5 |
2019-12-05 | CVE-2019-18180 | Infinite Loop vulnerability in Otrs. Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. | 7.5 |
2018-03-04 | CVE-2018-7567 | Unrestricted Upload of File with Dangerous Type vulnerability in Otrs. In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation. | 7.2 |
2014-02-04 | CVE-2014-1471 | SQL Injection vulnerability in Otrs. SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL. | 7.5 |
2011-03-11 | CVE-2011-0456 | OS Command Injection vulnerability in Otrs. webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability." | 7.5 |
2005-11-29 | CVE-2005-3893 | Unspecified vulnerability in Otrs. Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action. | 7.5 |