Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
otrs otrs vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-0475
Malicious translator is able to inject JavaScript code in few translatable strings (where HTML is allowed). The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions.
Otrs Otrs
5.4
CVSSv3
CVE-2021-36094
It's possible to craft a request for appointment edit screen, which could lead to the XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions.
Otrs Otrs
5.4
CVSSv3
CVE-2013-4718
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x prior to 3.0.9, 3.1.x prior to 3.1.10, and 3.2.x prior to 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search.
Otrs Otrs
Otrs Otrs Itsm
5.4
CVSSv3
CVE-2021-21442
In the project create screen it's possible to inject malicious JS code to the certain fields. The code might be executed in the Reporting screen. This issue affects: OTRS AG Time Accounting: 7.0.x versions before 7.0.19.
Otrs Time Accounting
5.4
CVSSv3
CVE-2020-1771
Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link, JavaScript code is executed due to the missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions....
Otrs Otrs
5.4
CVSSv3
CVE-2019-16375
An issue exists in Open Ticket Request System (OTRS) 7.0.x up to and including 7.0.11, and Community Edition 5.0.x up to and including 5.0.37 and 6.0.x up to and including 6.0.22. An attacker who is logged in as an agent or customer user with appropriate permissions can create a ...
Otrs Otrs
5.4
CVSSv3
CVE-2020-1768
The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions.
Otrs Otrs
5.4
CVSSv3
CVE-2019-10066
An issue exists in Open Ticket Request System (OTRS) 7.x up to and including 7.0.6, Community Edition 6.0.x up to and including 6.0.17, and OTRSAppointmentCalendar 5.0.x up to and including 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may c...
Otrs Otrs
5.4
CVSSv3
CVE-2019-10067
An issue exists in Open Ticket Request System (OTRS) 7.x up to and including 7.0.6 and Community Edition 5.0.x up to and including 5.0.35 and 6.0.x up to and including 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL...
Otrs Otrs
5.4
CVSSv3
CVE-2019-9752
An issue exists in Open Ticket Request System (OTRS) 5.x prior to 5.0.34, 6.x prior to 6.0.16, and 7.x prior to 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the conte...
Otrs Otrs
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »