463 matches found
CVE-2024-3347
A vulnerability was found in SourceCodester Airline Ticket Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file activatejetdetailsformhandler.php. The manipulation of the argument jetid leads to sql injection. The attack may be initiated...
SourceCodester Airline Ticket Reservation System SQL注入漏洞
Airline Ticket Reservation System is a ticket reservation system. A SQL injection vulnerability exists in SourceCodester Airline Ticket Reservation System version 1.0, which is caused by a SQL injection vulnerability in the jetid parameter of the activatejetdetailsformhandler.php file...
PT-2024-21054 · Alf.Io · Alf.Io
Name of the Vulnerable Software and Affected Versions: alf.io versions prior to 2.0-Mr-2402 Description: The issue affects an open source ticket reservation system, allowing an attacker to access data from other organizers by using a specially crafted request to receive the e-mail log sent by oth...
alf.io Code Issues Vulnerabilities
alf.io is open source ticket reservation system. A code issue vulnerability exists in versions prior to Alf.io 2.0-M4-2402 that stems from the presence of a cross-site scripting XSS vulnerability...
CVE-2024-23792
When adding attachments to ticket comments, another user can add attachments as well impersonating the orginal user. The attack requires a logged-in other user to know the UUID. While the legitimate user completes the comment, the malicious user can add more files to the comment. This issue affec...
CVE-2024-23791
Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1...
OTRS Security Vulnerabilities
OTRS is an application from OTRS Germany. A service management software. A security vulnerability exists in OTRS versions 8.0.X through 8.0.37. An attacker exploiting this vulnerability could read a plain text password sent back to the client in a server response...
PT-2023-32093 · Unknown +2 · Otrs Community Edition +2
Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.46 OTRS versions 8.0.X through 8.0.36 OTRS Community Edition versions 6.0.X through 6.0.34 Description: An attacker who is logged into OTRS as a user with privileges to create and change customer user data may...
OTRS Security Vulnerabilities
OTRS is an application from OTRS Germany. A service management software. A security vulnerability exists in OTRS prior to 7.0.47, versions prior to 8.0.37, and OTRS Community Edition versions 6.0.X through 6.0.34, which stems from a vulnerability that does not prevent an external IMAGE from being...
WordPress WordPress HelpDesk & Support Ticket System Plugin – Octrace Support Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)
Software WordPress HelpDesk & Support Ticket System Plugin – Octrace Support Type Plugin Vulnerable versions = 1.2.4 Fixed in 1.2.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...
WordPress WP Ticket Customer Service Software & Support Ticket System Plugin < 5.13 is vulnerable to Cross Site Scripting (XSS)
Software WP Ticket Customer Service Software & Support Ticket System Type Plugin Vulnerable versions 5.13 Fixed in 5.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6a595792e2df...
OTRS 安全漏洞
OTRS is an application from OTRS Germany. A service management software. A security vulnerability exists in OTRS AG OTRS 8. An attacker exploited the vulnerability to track user behavior and gain real-time insight into overall system usage...
SUSE CVE-2005-3893
Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System OTRS 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the 1 user parameter in the Login action, and remote authenticated users via the...
SUSE CVE-2010-2080
Multiple cross-site scripting XSS vulnerabilities in Open Ticket Request System OTRS 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
SUSE CVE-2011-2746
Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System OTRS 2.x before 2.4.11 and 3.x before 3.0.10 allows remote authenticated administrators to read arbitrary files via unknown vectors...
SUSE CVE-2012-4600
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags...
SUSE CVE-2012-4751
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC...
SUSE CVE-2013-4718
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search...
SUSE CVE-2014-1695
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email...
SUSE CVE-2016-5843
Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System OTRS allow remote attackers to execute arbitrary SQL commands via crafted search parameters...