23 matches found
EUVD-2026-33550
An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be enabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X...
CVE-2026-48209
An improper neutralization of user-controllable input in OTRS or OTRS Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting (XSS) attacks via crafted request parameters associated with ticket actions. By injecting malicious JavaScript into...
Linux Distros Unpatched Vulnerability : CVE-2023-1248
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in OTRS AG OTRS Ticket Actions modules, OTRS AG OTRS Community Edition Ticket Actions modules allows Cross-Site Scriptin...
Linux Distros Unpatched Vulnerability : CVE-2024-43444
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match...
Linux Distros Unpatched Vulnerability : CVE-2020-1776
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When an agent user is renamed or set to invalid the session belonging to the user is kept active. The session cannot be used to access ticket data in the case...
UBUNTU-CVE-2024-43444
Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: OTRS from 7.0.X through 7.0.50; OTRS 8.0.X; OTRS 2023.X...
UBUNTU-CVE-2024-23790
Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes. This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1...
alf.io Security Vulnerability
alf.io is an open-source ticket reservation system. alfio-event A security vulnerability exists in alf.io versions prior to 2.0-M4-2304, which stems from improper neutralization of formula elements in CSV files...
SUSE CVE-2008-1515
The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks."...
UBUNTU-CVE-2021-36100
Specially crafted string in OTRS system configuration can allow the execution of any system command...
OTRS Information Disclosure Vulnerability
OTRS is a service management application from the German company OTRS. An information disclosure vulnerability exists in OTRS AG OTRS Community Edition, which arises from the generation of support packages that contain private S/MIME and PGP keys if the containing folder is not hidde...
Vulnerability fixed in OTRS
A vulnerability has been fixed in OTRS. A remote malicious user could potentially exploit the vulnerability to cause a denial of service. To do this, the malicious party needs to send a rogue email message that the OTRS application must then process. OTRS has released...
Open-source Ticket Request System Code Issue Vulnerability
Open-source Ticket Request System (OTRS) is an open-source defect tracking and management system software from the German OTRS Group. The software categorizes service requests submitted through various channels such as phone calls, emails, etc. into different queues and service levels, and the...
DEBIAN-CVE-2020-1770
Files generated for the support bundle could contain sensitive information whose disclosure might be unwanted. This issue affects: OTRS Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions...
PT-2020-15046
Name of the Vulnerable Software and Affected Versions: OTRS Community Edition versions 5.0.41 and prior; OTRS Community Edition versions 6.0.26 and prior; OTRS versions 7.0.15 and prior. Description: The issue is related to the use of autocomplete in the Username and Password fields on the login...
OTRS Code Issue Vulnerability
Open-source Ticket Request System (OTRS) is an open-source defect tracking and management system software from the German OTRS Group. The software categorizes service requests submitted through various channels such as phone calls, emails, etc. into different queues and service levels, and the...
Open-source Ticket Request System Denial of Service Vulnerability
Open-source Ticket Request System (OTRS) is an open-source defect tracking and management system software from the German OTRS Group. The software categorizes service requests submitted through various channels such as phone calls, emails, etc. into different queues and service levels, and the...
Open-source Ticket Request System Information Disclosure Vulnerability
Open-source Ticket Request System (OTRS) is an open-source defect tracking and management system software from the German OTRS Group. The software categorizes service requests submitted through various channels such as phone calls, emails, etc. into different queues and service levels, and the...
Open-source Ticket Request System Input Validation Error Vulnerability
Open-source Ticket Request System (OTRS) is an open-source defect tracking and management system software from the German OTRS Group. The software categorizes service requests submitted through various channels such as phone calls, emails, etc. into different queues and service levels, and the...
OTRS Information Disclosure Vulnerability
OTRS (Open-source Ticket Request System) is a set of open source defect tracking and management system software from OTRS Group in Germany. The software categorizes service requests submitted through various channels such as phone calls, emails, etc. into different queues and service levels, and th...