Vulnerabilities > Otrs > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-11 | CVE-2018-19142 | Cross-site Scripting vulnerability in Otrs Open Ticket Request System Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL. | 3.5 |
| 2014-04-02 | CVE-2014-2553 | Cross-Site Scripting vulnerability in Otrs Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields. | 3.5 |
| 2011-03-18 | CVE-2009-5055 | Permissions, Privileges, and Access Controls vulnerability in Otrs Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2. | 3.5 |
| 2011-03-18 | CVE-2009-5056 | Improper Input Validation vulnerability in Otrs Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list. | 2.1 |
| 2011-03-18 | CVE-2010-4758 | Cryptographic Issues vulnerability in Otrs installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen. | 1.9 |
| 2011-03-18 | CVE-2010-4760 | Information Exposure vulnerability in Otrs Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket. | 3.5 |
| 2011-03-18 | CVE-2010-4762 | Cross-Site Scripting vulnerability in Otrs Cross-site scripting (XSS) vulnerability in the rich-text-editor component in Open Ticket Request System (OTRS) before 3.0.0-beta2 allows remote authenticated users to inject arbitrary web script or HTML by using the "source code" feature in the customer interface. | 3.5 |
| 2011-01-20 | CVE-2010-4071 | Cross-Site Scripting vulnerability in Otrs Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail. | 2.6 |
| 2010-09-20 | CVE-2010-2080 | Cross-Site Scripting vulnerability in Otrs Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |