Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
otrs vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2018-10198
An issue exists in OTRS 6.0.x prior to 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets.
Otrs Otrs
6.1
CVSSv3
CVE-2021-36092
It's possible to create an email which contains specially crafted link and it can be used to perform XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition:6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x version 7.0.27 and prior versions; 8.0.x versio...
Otrs Otrs
5.3
CVSSv3
CVE-2021-36093
It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8....
Otrs Otrs
5.3
CVSSv3
CVE-2022-32740
A reply to a forwarded email article by a 3rd party could unintensionally expose the email content to the ticket customer under certain circumstances.
Otrs Otrs
5.3
CVSSv3
CVE-2022-32741
Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time.
Otrs Otrs
4.8
CVSSv3
CVE-2022-39049
An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS.
Otrs Otrs
8.8
CVSSv3
CVE-2022-39051
Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package
Otrs Otrs
7.5
CVSSv3
CVE-2023-6254
A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response- This issue affects OTRS: from 8.0.X up to and including 8.0.37.
Otrs Otrs
4.3
CVSSv3
CVE-2022-1004
Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled.
Otrs Otrs
4.3
CVSSv3
CVE-2020-1778
When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions.
Otrs Otrs
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »