Vulmon
otrs vulnerabilities and exploits
5.4
CVSSv3
CVE-2019-16375
An issue exists in Open Ticket Request System (OTRS) 7.0.x up to and including 7.0.11, and Community Edition 5.0.x up to and including 5.0.37 and 6.0.x up to and including 6.0.22. An attacker who is logged in as an agent or customer user with appropriate permissions can create a ...
Otrs Otrs
5.4
CVSSv3
CVE-2019-10066
An issue exists in Open Ticket Request System (OTRS) 7.x up to and including 7.0.6, Community Edition 6.0.x up to and including 6.0.17, and OTRSAppointmentCalendar 5.0.x up to and including 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may c...
Otrs Otrs
5.4
CVSSv3
CVE-2019-10067
An issue exists in Open Ticket Request System (OTRS) 7.x up to and including 7.0.6 and Community Edition 5.0.x up to and including 5.0.35 and 6.0.x up to and including 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL...
Otrs Otrs
4.3
CVSSv3
CVE-2019-13457
An issue exists in Open Ticket Request System (OTRS) 7.0.x up to and including 7.0.8. A customer user can use the search results to disclose information from their "company" tickets (with the same CustomerID), even when the CustomerDisableCompanyTicketAccess setting is ...
Otrs Otrs
5.5
CVSSv3
CVE-2023-5421
An attacker who is logged into OTRS as a user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediately after the data is saved. The issue only occurs if the configuration for AdminCustomerUser::UseA...
Otrs Otrs
6.1
CVSSv3
CVE-2021-36092
It's possible to create an email which contains a specially crafted link that can be used to perform an XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x version 7.0.27 and prior versions; 8.0.x versio...
Otrs Otrs
8.8
CVSSv3
CVE-2023-38060
Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated malicious user to perform a host header injection for the ContentType header of the a...
Otrs Otrs
9.8
CVSSv3
CVE-2024-23790
Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes. This issue affects OTRS: from 7.0.X up to and including 7.0.48, from 8.0.X up to and including 8.0.37, from 2023 up to and including...
Otrs Otrs
7.5
CVSSv3
CVE-2024-23791
Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles. This issue affects OTRS: from 7.0.X up to and including 7.0.48, from 8.0.X up to and including 8.0.37, from 2023.X up to and including 2023....
Otrs Otrs
6.1
CVSSv3
CVE-2018-17883
An issue exists in Open Ticket Request System (OTRS) 6.0.x prior to 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS.
Otrs Otrs