Filtered by vendor Otrs
Filtered by product Otrs
Total: 135 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-1771 | 1 Otrs | 1 Otrs | 2024-09-17 | 4.6 Medium |
An attacker is able to craft an article with a link to the customer address book with malicious content (JavaScript). When an agent opens the link, the JavaScript code is executed due to the missing parameter encoding. This issue affects: ((OTRS)) Community Edition: 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | ||||
CVE-2021-36092 | 1 Otrs | 1 Otrs | 2024-09-17 | 6.5 Medium |
It's possible to create an email which contains a specially crafted link that can be used to perform an XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions. | ||||
CVE-2022-32739 | 1 Otrs | 2 Calendar Resource Planning, Otrs | 2024-09-17 | 3.5 Low |
When the Secure::DisableBanner system configuration has been disabled and an agent shares his calendar via a public URL, the received ICS file contains the OTRS release number. | ||||
CVE-2010-4767 | 1 Otrs | 1 Otrs | 2024-09-17 | N/A |
Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of service (duplicate tickets and duplicate auto-responses) by sending a crafted message to a POP3 mailbox. | ||||
CVE-2022-1004 | 1 Otrs | 1 Otrs | 2024-09-17 | 4.3 Medium |
Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled. | ||||
CVE-2010-4765 | 1 Otrs | 1 Otrs | 2024-09-17 | N/A |
Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets. | ||||
CVE-2022-0475 | 1 Otrs | 1 Otrs | 2024-09-17 | 3.5 Low |
A malicious translator is able to inject JavaScript code in a few translatable strings (where HTML is allowed). The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions. | ||||
CVE-2021-36100 | 1 Otrs | 3 Otrs, Otrs Itsm, Otrs Storm | 2024-09-17 | 6.4 Medium |
A specially crafted string in the OTRS system configuration can allow the execution of any system command. | ||||
CVE-2021-21438 | 1 Otrs | 2 Faq, Otrs | 2024-09-17 | 3.5 Low |
Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). This issue affects: FAQ version 6.0.29 and prior versions, OTRS version 7.0.24 and prior versions. | ||||
CVE-2020-1769 | 2 Opensuse, Otrs | 3 Backports Sle, Leap, Otrs | 2024-09-17 | 3.5 Low |
In the login screens (in the agent and customer interfaces), the Username and Password fields use autocomplete, which might be considered a security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | ||||
CVE-2008-7279 | 1 Otrs | 1 Otrs | 2024-09-17 | N/A |
The CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote authenticated users to bypass intended access restrictions and access tickets of arbitrary customers via unspecified vectors. | ||||
CVE-2020-1777 | 1 Otrs | 1 Otrs | 2024-09-17 | 4.3 Medium |
Names of agents that participate in a chat conversation are revealed in certain parts of the external interface as well as in chat transcriptions inside the tickets, when the system is configured to mask real agent names. This issue affects OTRS: 7.0.21 and prior versions, 8.0.6 and prior versions. | ||||
CVE-2020-1770 | 3 Debian, Opensuse, Otrs | 4 Debian Linux, Backports Sle, Leap and 1 more | 2024-09-17 | 2.4 Low |
Files generated for a support bundle could contain sensitive information whose disclosure might be unwanted. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | ||||
CVE-2018-20800 | 1 Otrs | 1 Otrs | 2024-09-17 | N/A |
An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. Users updating to 6.0.13 (also patchlevel updates) or 5.0.31 (only major updates) will experience data loss in their agent preferences table. | ||||
CVE-2020-1776 | 1 Otrs | 1 Otrs | 2024-09-17 | 3.5 Low |
When an agent user is renamed or set to invalid, the session belonging to the user is kept active. The session cannot be used to access ticket data in the case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4 and prior versions. | ||||
CVE-2020-1766 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2024-09-17 | 2 Low |
Due to improper handling of uploaded images, it is possible in very unlikely and rare conditions to force the agent's browser to execute malicious JavaScript from a specially crafted SVG file rendered as an inline jpg file. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions. | ||||
CVE-2009-5057 | 1 Otrs | 1 Otrs | 2024-09-16 | N/A |
The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file. | ||||
CVE-2020-1778 | 1 Otrs | 1 Otrs | 2024-09-16 | 4.1 Medium |
When OTRS uses multiple backends for user authentication (with LDAP), agents are able to log in even if the account is set to invalid. This issue affects OTRS: 8.0.9 and prior versions. | ||||
CVE-2010-4766 | 1 Otrs | 1 Otrs | 2024-09-16 | N/A |
The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a standard e-mail client. | ||||
CVE-2020-1773 | 1 Otrs | 1 Otrs | 2024-09-16 | 7.3 High |
An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users' session IDs, password reset tokens and automatically generated passwords. This issue affects ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. |