21 matches found

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-8028

Malware in sbrugna...

6.5 CVSS, 7.3 AI score, 0.0149 EPSS
Exploits: 0, References: 5

CVE
added 2025/09/20 6:43 a.m., 26 views

CVE-2025-10658

CVE-2025-10658 affects the WordPress plugin SupportCandy – Helpdesk & Customer Support Ticket System, versions

6.5 CVSS, 5.8 AI score, 0.00318 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2025/09/20 6:43 a.m., 1 views

CVE-2025-10658 SupportCandy – Helpdesk & Customer Support Ticket System <= 3.3.7 - Authentication Bypass to Support Session Takeover

The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 3.3.7. This is due to missing rate limiting on the OTP verification for guest login. This makes it possible for unauthenticated attackers ...

6.5 CVSS, 5.9 AI score, 0.00318 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2025/05/21 8:1 p.m., 10 views

CVE-2008-7279

The CustomerInterface component in Open Ticket Request System OTRS before 2.2.8 allows remote authenticated users to bypass intended access restrictions and access tickets of arbitrary customers via unspecified vectors...

6.5 CVSS, 6.7 AI score, 0.01013 EPSS
Exploits: 0, References: 1

OSV
added 2025/04/05 9:15 p.m., 8 views

CVE-2025-32360

In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged in customer was able to see details about shared drafts for their customer tickets in the browser console, which may contain confidential information...

8.1 CVSS, 6.4 AI score
Exploits: 0, References: 1

SUSE CVE
added 2024/07/16 2:43 a.m., 4 views

SUSE CVE-2024-6540

Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has be...

5.7 CVSS, 6.7 AI score, 0.00385 EPSS
Exploits: 0, References: 3

CVE
added 2023/02/03 12:0 a.m., 46 views

CVE-2022-48023

Zammad CVE-2022-48023: A privilege-verification flaw in Zammad v5.3.0 permits an authenticated user to modify ticket tags via the API. The issue is corrected in v5.3.1, restricting tag changes to agents with write permissions. The available documents do not provide exploitation details. If using ...

4.3 CVSS, 4.6 AI score, 0.00449 EPSS
Exploits: 0, References: 1, Affected Software: 1

Huntr
added 2021/12/20 9:40 a.m., 20 views

Cross-site Scripting (XSS) - Stored in polonel/trudesk

Description There are several areas in the web application that are vulnerable to stored XSS. They include: The chat feature when sending messages /messages/startconversation The name field when creating a department /departments Name field when creating teams /teams You can also exploit the XSS...

6 AI score
Exploits: 0

Prion
added 2020/06/16 11:15 p.m., 14 views

Code injection

In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent e.g., read internal data, split, or merge...

5.5 CVSS, 5.4 AI score, 0.00562 EPSS
Exploits: 0, References: 2, Affected Software: 1

Tenable Nessus
added 2019/08/20 12:0 a.m., 40 views

Debian DLA-1877-1 : otrs2 security update

Several security issues have been fixed in otrs2, a well known trouble ticket system. CVE-2018-11563 An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets. CVE-2019-12746 A user logged into OTRS as a...

6.5 CVSS, 5.7 AI score, 0.02018 EPSS
Exploits: 0, References: 5

NVD
added 2018/06/06 8:29 p.m., 18 views

CVE-2018-10198

An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets...

4.3 CVSS, 4.3 AI score, 0.00954 EPSS
Exploits: 0, References: 1

UbuntuCve
added 2018/06/06 8:29 p.m., 19 views

CVE-2018-10198

An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets...

4.3 CVSS, 5.9 AI score, 0.00954 EPSS
Exploits: 0, References: 3

OSV
added 2018/06/06 8:29 p.m., 11 views

CVE-2018-10198

An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets...

4.3 CVSS, 4.7 AI score
Exploits: 0, References: 1

Cvelist
added 2018/06/06 8:0 p.m., 16 views

CVE-2018-10198

An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets...

4.3 AI score, 0.00954 EPSS
Exploits: 0, References: 1

CNVD
added 2017/12/18 12:0 a.m., 2 views

Open Ticket Request System Information Disclosure Vulnerability

Open Ticket Request System OTRS is an open source defect tracking and management system software from the German OTRS Group. The software categorizes service requests submitted through various channels such as phone calls, emails, etc. into different queues and service levels, and the service...

6.5 CVSS, 6.3 AI score, 0.0149 EPSS
Exploits: 0, References: 1

UbuntuCve
added 2017/12/08 5:29 p.m., 22 views

CVE-2017-16854

In Open Ticket Request System OTRS through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets...

6.5 CVSS, 6.8 AI score, 0.0149 EPSS
Exploits: 0, References: 3

Prion
added 2017/12/08 5:29 p.m., 15 views

Open redirect

In Open Ticket Request System OTRS through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets...

4 CVSS, 6.4 AI score, 0.0149 EPSS
Exploits: 0, References: 3, Affected Software: 2

Debian CVE
added 2017/12/08 5:0 p.m., 20 views

CVE-2017-16854

In Open Ticket Request System OTRS through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets...

6.5 CVSS, 7.3 AI score, 0.0149 EPSS
Exploits: 0

FreeBSD
added 2017/11/21 12:0 a.m., 41 views

OTRS -- Multiple vulnerabilities

OTRS reports: An attacker who is logged into OTRS as an agent can request special URLs from OTRS which can lead to the execution of shell commands with the permissions of the web server user. An attacker who is logged into OTRS as a customer can use the ticket search form to disclose internal...

8.8 CVSS, 8.1 AI score, 0.02492 EPSS
Exploits: 0, References: 4

Hacker One
added 2015/09/23 9:18 a.m., 29 views

Zendesk: CSV Excel Macro Injection Vulnerability in export customer tickets

Scenario: An attacker creates a name as =AND21 and creates a ticket. When a team member clicks export as csv and opens it instead of seeing =AND21 they see TRUE. This means that the cell is active. An attacker could basically attack makes a ticket, use -2+3+cmd|' /C calc'!E1 and could execute...

0.5 AI score
Exploits: 0