Vulnerabilities > Otrs > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-06 | CVE-2021-36094 | Cross-site Scripting vulnerability in Otrs It's possible to craft a request for appointment edit screen, which could lead to the XSS attack. | 5.4 |
| 2021-09-06 | CVE-2021-36095 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Otrs Malicious attacker is able to find out valid user logins by using the "lost password" feature. | 5.3 |
| 2021-08-09 | CVE-2013-4718 | Cross-site Scripting vulnerability in Otrs and Otrs Itsm Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search. | 5.4 |
| 2021-07-26 | CVE-2021-21440 | Unspecified vulnerability in Otrs Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. | 6.5 |
| 2021-07-26 | CVE-2021-21442 | Cross-site Scripting vulnerability in Otrs Time Accounting 7.0.0/7.0.19 In the project create screen it's possible to inject malicious JS code to the certain fields. | 5.4 |
| 2021-07-26 | CVE-2021-21443 | Unspecified vulnerability in Otrs Agents are able to list customer user emails without required permissions in the bulk action screen. | 4.3 |
| 2021-07-26 | CVE-2021-36091 | Incorrect Authorization vulnerability in Otrs Agents are able to list appointments in the calendars without required permissions. | 4.3 |
| 2021-07-26 | CVE-2021-36092 | Cross-site Scripting vulnerability in Otrs It's possible to create an email which contains specially crafted link and it can be used to perform XSS attack. | 6.1 |
| 2021-06-14 | CVE-2021-21439 | Improper Handling of Exceptional Conditions vulnerability in Otrs DoS attack can be performed when an email contains specially designed URL in the body. | 6.5 |
| 2021-03-22 | CVE-2021-21438 | Incorrect Default Permissions vulnerability in Otrs FAQ and Otrs Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). | 4.3 |