6 matches found
CVE-2026-48208
The CVE concerns an improper neutralization of active SVG content in OTRS/OTRS Community Edition ticket article rendering, allowing an attacker to inject crafted SVGs via email content that triggers browser-side resource exhaustion and DoS when tickets are opened. It is exploitable without JavaSc...
CVE-2025-5412
CVE-2025-5412 affects Mist Community Edition up to 4.7.1. The vulnerability resides in the Login function of src/mist/api/views.py (Authentication Endpoint); manipulating the return_to argument leads to a cross-site scripting (XSS) condition. Exploitation is possible remotely, and public disclosu...
CVE-2025-5411
Mist Community Edition
PT-2025-23436 · Unknown · Mist Community Edition
Name of the Vulnerable Software and Affected Versions: Mist Community Edition versions up to 4.7.1
Description: A critical issue has been found, affecting the create token function of the API Token Handler component. This leads to improper access controls, allowing remote attacks. The issue has...
CVE-2019-16375
An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacker who is logged in as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious...
Denial Of Service (DoS)
magento/community-edition is vulnerable to denial of service (DoS). The vulnerability exists due to the lack of brute-forcing defenses in the token exchange protocol...