otrs otrs vulnerabilities and exploits
4.9
CVSSv3
CVE-2020-1779
When dynamic templates are used (OTRSTicketForms), admin can use OTRS tags which are not masked properly and can reveal sensitive information. This issue affects: OTRS AG OTRSTicketForms 6.0.x version 6.0.40 and prior versions; 7.0.x version 7.0.29 and prior versions; 8.0.x versi...
Otrs Ticket Forms
4.9
CVSSv3
CVE-2020-1774
When a user downloads PGP or S/MIME keys/certificates, the exported file has the same name for private and public keys. It is therefore possible to mix them up and send the private key to a third party instead of the public key. This issue affects ((OTRS)) Community Edition: 5.0.42 and prior...
Otrs Otrs
Debian Debian Linux 8.0
4.8
CVSSv3
CVE-2022-39049
An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS.
Otrs Otrs
4.8
CVSSv3
CVE-2022-39050
An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the us...
Otrs Otrs
4.8
CVSSv3
CVE-2022-0473
OTRS administrators can configure a dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be executed in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and...
Otrs Otrs
4.8
CVSSv3
CVE-2021-21434
A survey administrator can craft a survey in such a way that malicious code can be executed in the agent interface (i.e. another agent who wants to make changes in the survey). This issue affects: OTRS AG Survey 6.0.x version 6.0.20 and prior versions; 7.0.x version 7.0.19 and prior ...
Otrs Survey
4.8
CVSSv3
CVE-2019-9751
An issue exists in Open Ticket Request System (OTRS) 6.x prior to 6.0.17 and 7.x prior to 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document...
Otrs Otrs
4.8
CVSSv3
CVE-2018-19141
Open Ticket Request System (OTRS) 4.0.x prior to 4.0.33 and 5.0.x prior to 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled.
Otrs Open Ticket Request System
Debian Debian Linux 8.0
4.8
CVSSv3
CVE-2018-19142
Open Ticket Request System (OTRS) 6.0.x prior to 6.0.13 allows an admin to conduct an XSS attack via a modified URL.
Otrs Open Ticket Request System
4.6
CVSSv3
CVE-2018-11563
An issue exists in Open Ticket Request System (OTRS) 6.0.x up to and including 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer's browser in the context of the OTRS customer panel applica...
Otrs Otrs
Debian Debian Linux 8.0