6 matches found
CVE-2026-48209
OTRS Community Edition 7.0.x is vulnerable to reflected XSS due to improper neutralization of user-controllable input in ticket handling. Attackers who are authenticated can exploit crafted request parameters in ticket actions to inject JavaScript via manipulated request URLs, executing code in t...
Linux Distros Unpatched Vulnerability : CVE-2021-36094
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It's possible to craft a request for appointment edit screen, which could lead to the XSS attack. This issue affects: OTRS AG OTRS Community Edition 6.0.x versi...
SUSE CVE-2024-43445
A vulnerability exists in OTRS and OTRS Community Edition that fail to set the HTTP response header X-Content-Type-Options to nosniff. An attacker could exploit this vulnerability by uploading or inserting content that would be treated as a different MIME type than intended. This issue affects:...
PT-2023-32094 · Openssl +2 · Openssl +2
Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.46 OTRS versions 8.0.X through 8.0.36 OTRS Community Edition versions 6.0.X through 6.0.34 Description: The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static S...
SUSE CVE-2020-1768
The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions...
PT-2023-16838 · Otrs Ag +1 · Otrs +2
Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.41 OTRS Community Edition versions 6.0.1 through 6.0.34 Description: The issue is related to an Improper Input Validation vulnerability in the Ticket Actions modules of OTRS AG OTRS and OTRS AG OTRS Community...