Vulnerabilities > Otrs > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-21 CVE-2019-12746 Information Exposure vulnerability in multiple products
An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19.
network
low complexity
otrs debian CWE-200
6.5
6.5
2019-07-08 CVE-2018-11563 An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7.
network
low complexity
otrs debian
4.6
4.6
2019-06-17 CVE-2019-12248 An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36.
network
low complexity
otrs debian
4.3
4.3
2019-06-17 CVE-2019-12497 Information Exposure vulnerability in multiple products
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36.
network
low complexity
otrs debian CWE-200
5.3
5.3
2019-06-03 CVE-2019-9753 Information Exposure vulnerability in Otrs 7.0.0/7.0.4
An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5.
network
low complexity
otrs CWE-200
4.0
4.0
2019-05-22 CVE-2019-9892 XML Injection (aka Blind XPath Injection) vulnerability in multiple products
An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6.
network
low complexity
otrs debian CWE-91
6.5
6.5
2019-05-22 CVE-2019-10067 Cross-site Scripting vulnerability in Otrs
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17.
network
low complexity
otrs CWE-79
5.4
5.4
2019-03-13 CVE-2018-20800 Improper Input Validation vulnerability in Otrs 5.0.31/6.0.13
An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13.
network
low complexity
otrs CWE-20
5.5
5.5
2018-11-11 CVE-2018-19143 Forced Browsing vulnerability in multiple products
Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled.
network
low complexity
otrs debian CWE-425
5.5
5.5
2018-09-28 CVE-2018-16587 Improper Input Validation vulnerability in multiple products
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system.
network
otrs debian CWE-20
5.8
5.8