5 matches found
CVE-2025-24389
CVE-2025-24389 affects OTRS and related builds (OTRS 7.0.X, 8.0.X, 2023.X, 2024.X and ((OTRS)) Community Edition 6.0.x; products based on CE are likely affected). The root cause is described as certain errors in upstream libraries that cause sensitive information to be written to the OTRS log mec...
CVE-2024-43443
Improper Neutralization of Input done by an attacker with admin privileges 'Cross-site Scripting' in Process Management modules of OTRS and OTRS Community Edition allows Cross-Site Scripting XSS within the Process Management targeting other admins. This issue affects: OTRS from 7.0.X through 7.0....
CVE-2024-43444
Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: OTRS from 7.0.X through 7.0.50 OTRS 8.0.X OTRS 2023.X...
CVE-2024-43444
Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: OTRS from 7.0.X through 7.0.50 OTRS 8.0.X OTRS 2023.X...
CVE-2024-6540 Information exlosure in external interface
Improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS could allow an authorized user to download a list of tickets containing information about tickets of other customers. The problem only occurs if the TicketSearchLegacyEngine has be...