Vulnerabilities > Otrs > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-15 | CVE-2020-1777 | Information Exposure vulnerability in Otrs Agent names that participates in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when system is configured to mask real agent names. | 5.0 |
| 2020-07-20 | CVE-2020-1776 | Insufficient Session Expiration vulnerability in Otrs When an agent user is renamed or set to invalid the session belonging to the user is keept active. | 4.3 |
| 2020-06-08 | CVE-2020-1775 | Information Exposure vulnerability in Otrs BCC recipients in mails sent from OTRS are visible in article detail on external interface. | 4.3 |
| 2020-04-28 | CVE-2020-1774 | When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. | 4.9 |
| 2020-03-27 | CVE-2020-1771 | Cross-site Scripting vulnerability in Otrs Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). | 5.4 |
| 2020-03-27 | CVE-2020-1770 | Information Exposure vulnerability in multiple products Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. | 4.3 |
| 2020-03-27 | CVE-2020-1769 | In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. | 4.3 |
| 2020-03-19 | CVE-2019-16375 | Cross-site Scripting vulnerability in Otrs An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. | 5.4 |
| 2020-03-10 | CVE-2019-13457 | Information Exposure vulnerability in Otrs An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. | 4.3 |
| 2020-03-10 | CVE-2019-10065 | Unspecified vulnerability in Otrs An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. | 4.0 |