Vulnerabilities > Otrs > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-27 | CVE-2020-1771 | Cross-site Scripting vulnerability in Otrs Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). | 5.4 |
| 2020-03-27 | CVE-2020-1770 | Information Exposure vulnerability in multiple products Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. | 4.3 |
| 2020-03-27 | CVE-2020-1769 | In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. | 4.3 |
| 2020-03-19 | CVE-2019-16375 | Cross-site Scripting vulnerability in Otrs An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. | 5.4 |
| 2020-03-10 | CVE-2019-13457 | Information Exposure vulnerability in Otrs An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. | 4.3 |
| 2020-03-10 | CVE-2019-10065 | Unspecified vulnerability in Otrs An issue was discovered in Open Ticket Request System (OTRS) 7.0 through 7.0.6. | 4.3 |
| 2020-02-21 | CVE-2013-4088 | Information Exposure vulnerability in Otrs Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. | 6.5 |
| 2020-02-21 | CVE-2013-3551 | Information Exposure vulnerability in Otrs Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. | 6.5 |
| 2020-02-12 | CVE-2013-2637 | Cross-site Scripting vulnerability in multiple products A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code. | 6.1 |
| 2020-02-07 | CVE-2020-1768 | Insufficient Session Expiration vulnerability in Otrs The external frontend system uses numerous background calls to the backend. | 5.4 |