Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
otrs otrs vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-39051
Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package
Otrs Otrs
4.3
CVSSv3
CVE-2019-13457
An issue exists in Open Ticket Request System (OTRS) 7.0.x up to and including 7.0.8. A customer user can use the search results to disclose information from their "company" tickets (with the same CustomerID), even when the CustomerDisableCompanyTicketAccess setting is ...
Otrs Otrs
6.5
CVSSv3
CVE-2021-21439
DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and...
Otrs Otrs
6.1
CVSSv3
CVE-2018-17883
An issue exists in Open Ticket Request System (OTRS) 6.0.x prior to 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS.
Otrs Otrs
4.3
CVSSv3
CVE-2021-21443
Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions before 7.0.27.
Otrs Otrs
4.8
CVSSv3
CVE-2022-0473
OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be exectued in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and...
Otrs Otrs
5.4
CVSSv3
CVE-2022-0475
Malicious translator is able to inject JavaScript code in few translatable strings (where HTML is allowed). The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions.
Otrs Otrs
5.4
CVSSv3
CVE-2019-10066
An issue exists in Open Ticket Request System (OTRS) 7.x up to and including 7.0.6, Community Edition 6.0.x up to and including 6.0.17, and OTRSAppointmentCalendar 5.0.x up to and including 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may c...
Otrs Otrs
6.5
CVSSv3
CVE-2013-4088
Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x prior to 3.0.21, 3.1.x prior to 3.1.17, and 3.2.x prior to 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL...
Otrs Otrs
4.3
CVSSv3
CVE-2019-10065
An issue exists in Open Ticket Request System (OTRS) 7.0 up to and including 7.0.6. An attacker who is logged into OTRS as a customer user can use the search result screens to disclose information from internal FAQ articles, a different vulnerability than CVE-2019-9753.
Otrs Otrs
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
CVE-2023-52162
CVE-2024-23670
CVE-2024-5404
man-in-the-middle
CVE-2024-5214
CVE-2024-4358
CVE-2024-20696
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »