Vulnerabilities > Otrs > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-01-10 CVE-2020-1767 Agent A is able to save a draft (i.e.
network
low complexity
otrs debian
4.3
4.3
2020-01-10 CVE-2020-1766 Cross-site Scripting vulnerability in multiple products
Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file.
network
low complexity
otrs debian CWE-79
6.1
6.1
2020-01-10 CVE-2020-1765 An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound.
network
low complexity
otrs debian opensuse
5.3
5.3
2020-01-06 CVE-2019-18179 An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23.
network
low complexity
otrs debian opensuse
4.3
4.3
2019-11-27 CVE-2013-2625 Improper Privilege Management vulnerability in multiple products
An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8.
network
low complexity
otrs debian opensuse CWE-269
6.5
6.5
2019-08-21 CVE-2019-13458 An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19.
network
low complexity
otrs debian
6.5
6.5
2019-08-21 CVE-2019-12746 Information Exposure vulnerability in multiple products
An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19.
network
low complexity
otrs debian CWE-200
6.5
6.5
2019-07-08 CVE-2018-11563 An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7.
network
low complexity
otrs debian
4.6
4.6
2019-06-17 CVE-2019-12248 An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36.
network
low complexity
otrs debian
4.3
4.3
2019-06-17 CVE-2019-12497 Information Exposure vulnerability in multiple products
An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36.
network
low complexity
otrs debian CWE-200
5.3
5.3