Vulnerabilities > Otrs > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-21 | CVE-2022-0475 | Cross-site Scripting vulnerability in Otrs Malicious translator is able to inject JavaScript code in few translatable strings (where HTML is allowed). | 3.5 |
| 2022-02-07 | CVE-2022-0474 | Information Exposure vulnerability in Otrs Custom Contact Fields Full list of recipients from customer users in a contact field could be disclosed in notification emails event when the notification is set to be sent to each recipient individually. | 3.5 |
| 2022-02-07 | CVE-2022-0473 | Cross-site Scripting vulnerability in Otrs OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. | 3.5 |
| 2021-09-06 | CVE-2021-36094 | Cross-site Scripting vulnerability in Otrs It's possible to craft a request for appointment edit screen, which could lead to the XSS attack. | 3.5 |
| 2021-08-09 | CVE-2013-4718 | Cross-site Scripting vulnerability in Otrs Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search. | 3.5 |
| 2021-02-08 | CVE-2021-21434 | Cross-site Scripting vulnerability in Otrs Survey Survey administrator can craft a survey in such way that malicious code can be executed in the agent interface (i.e. | 3.5 |
| 2019-05-22 | CVE-2019-10066 | Cross-site Scripting vulnerability in Otrs An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. | 3.5 |
| 2019-03-13 | CVE-2019-9751 | Cross-site Scripting vulnerability in Otrs An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5. | 3.5 |
| 2019-03-13 | CVE-2019-9752 | Cross-site Scripting vulnerability in multiple products An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. | 3.5 |
| 2018-11-11 | CVE-2018-19141 | Cross-site Scripting vulnerability in multiple products Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled. | 3.5 |