Lucene search
+L

463 matches found

OSV
OSV
added 2024/04/05 4:15 p.m.6 views

CVE-2024-3347

A vulnerability was found in SourceCodester Airline Ticket Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file activatejetdetailsformhandler.php. The manipulation of the argument jetid leads to sql injection. The attack may be initiated...

9.8CVSS5.7AI score0.00862EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/04/05 12:0 a.m.7 views

SourceCodester Airline Ticket Reservation System SQL注入漏洞

Airline Ticket Reservation System is a ticket reservation system. A SQL injection vulnerability exists in SourceCodester Airline Ticket Reservation System version 1.0, which is caused by a SQL injection vulnerability in the jetid parameter of the activatejetdetailsformhandler.php file...

9.8CVSS7.9AI score0.00862EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/02/19 12:0 a.m.8 views

PT-2024-21054 · Alf.Io · Alf.Io

Name of the Vulnerable Software and Affected Versions: alf.io versions prior to 2.0-Mr-2402 Description: The issue affects an open source ticket reservation system, allowing an attacker to access data from other organizers by using a specially crafted request to receive the e-mail log sent by oth...

7.2CVSS7.1AI score0.00748EPSS
Exploits1References7
CNNVD
CNNVD
added 2024/02/16 12:0 a.m.6 views

alf.io Code Issues Vulnerabilities

alf.io is open source ticket reservation system. A code issue vulnerability exists in versions prior to Alf.io 2.0-M4-2402 that stems from the presence of a cross-site scripting XSS vulnerability...

4.8CVSS6AI score0.0043EPSS
Exploits1References2
OSV
OSV
added 2024/01/29 10:15 a.m.4 views

CVE-2024-23792

When adding attachments to ticket comments, another user can add attachments as well impersonating the orginal user. The attack requires a logged-in other user to know the UUID. While the legitimate user completes the comment, the malicious user can add more files to the comment. This issue affec...

6.5CVSS5.8AI score0.00345EPSS
Exploits0References1
OSV
OSV
added 2024/01/29 10:15 a.m.5 views

CVE-2024-23791

Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles.This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1...

7.5CVSS5.8AI score0.00515EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/27 12:0 a.m.4 views

OTRS Security Vulnerabilities

OTRS is an application from OTRS Germany. A service management software. A security vulnerability exists in OTRS versions 8.0.X through 8.0.37. An attacker exploiting this vulnerability could read a plain text password sent back to the client in a server response...

8.1CVSS6.7AI score0.00647EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.6 views

PT-2023-32093 · Unknown +2 · Otrs Community Edition +2

Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.46 OTRS versions 8.0.X through 8.0.36 OTRS Community Edition versions 6.0.X through 6.0.34 Description: An attacker who is logged into OTRS as a user with privileges to create and change customer user data may...

9.8CVSS5.5AI score0.01273EPSS
Exploits0References30
CNNVD
CNNVD
added 2023/10/16 12:0 a.m.3 views

OTRS Security Vulnerabilities

OTRS is an application from OTRS Germany. A service management software. A security vulnerability exists in OTRS prior to 7.0.47, versions prior to 8.0.37, and OTRS Community Edition versions 6.0.X through 6.0.34, which stems from a vulnerability that does not prevent an external IMAGE from being...

5.3CVSS6.7AI score0.00459EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.6 views

WordPress WordPress HelpDesk & Support Ticket System Plugin – Octrace Support Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)

Software WordPress HelpDesk & Support Ticket System Plugin – Octrace Support Type Plugin Vulnerable versions = 1.2.4 Fixed in 1.2.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...

6.2AI score0.00284EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/06/23 12:0 a.m.4 views

WordPress WP Ticket Customer Service Software & Support Ticket System Plugin < 5.13 is vulnerable to Cross Site Scripting (XSS)

Software WP Ticket Customer Service Software & Support Ticket System Type Plugin Vulnerable versions 5.13 Fixed in 5.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6a595792e2df...

6AI score
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/05/08 12:0 a.m.7 views

OTRS 安全漏洞

OTRS is an application from OTRS Germany. A service management software. A security vulnerability exists in OTRS AG OTRS 8. An attacker exploited the vulnerability to track user behavior and gain real-time insight into overall system usage...

8.1CVSS7.8AI score0.00526EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.4 views

SUSE CVE-2005-3893

Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System OTRS 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the 1 user parameter in the Login action, and remote authenticated users via the...

7.5CVSS8.8AI score0.07169EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:58 a.m.2 views

SUSE CVE-2010-2080

Multiple cross-site scripting XSS vulnerabilities in Open Ticket Request System OTRS 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.9AI score0.01503EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:52 a.m.4 views

SUSE CVE-2011-2746

Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System OTRS 2.x before 2.4.11 and 3.x before 3.0.10 allows remote authenticated administrators to read arbitrary files via unknown vectors...

4CVSS6.8AI score0.01737EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:44 a.m.3 views

SUSE CVE-2012-4600

Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags...

2.6CVSS6AI score0.06346EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:44 a.m.3 views

SUSE CVE-2012-4751

Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC...

4.3CVSS6AI score0.05792EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:35 a.m.5 views

SUSE CVE-2013-4718

Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search...

5.4CVSS5.9AI score0.00668EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:30 a.m.4 views

SUSE CVE-2014-1695

Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email...

4.3CVSS6AI score0.04913EPSS
Exploits5References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:0 a.m.18 views

SUSE CVE-2016-5843

Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System OTRS allow remote attackers to execute arbitrary SQL commands via crafted search parameters...

9.4CVSS8.8AI score0.03209EPSS
Exploits0References3
Rows per page
Query Builder