Lucene search
K

7 matches found

Prion
Prion
added 2020/02/21 4:15 p.m.22 views

Design/Logic Flaw

Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System OTRS 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent...

4CVSS6.8AI score0.01577EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2020/02/21 4:15 p.m.28 views

Design/Logic Flaw

Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System OTRS 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket spl...

4CVSS6.8AI score0.02366EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2020/02/21 3:48 p.m.147 views

CVE-2013-4088

Summary (CVE-2013-4088) : Open Ticket Request System (OTRS) components Kernel/Modules/AgentTicketWatcher.pm in OTRS 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 allowed remote attackers with a valid agent login to read restricted tickets via a crafted URL using the ticket spli...

6.5CVSS6.2AI score0.02366EPSS
Exploits0References4Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.12 views

otrs 3.1 - Stored XSS vulnerability

No description provided by source. !/usr/bin/python ''' Author: Mike Eduard - Znuny - Enterprise Services for OTRS Product: OTRS Open Technology Real Services Version: 3.1.8, 3.1.9 and 3.1.10 Vendor Homepage: http://otrs.org CVE: 2012-4751 Timeline: 03 Sep 2012: Vulnerability reported + fix to...

7.1AI score
Exploits0
Debian CVE
Debian CVE
added 2014/02/28 5:0 p.m.35 views

CVE-2014-1695

Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email...

4.3CVSS7.4AI score0.04913EPSS
Exploits5
Cvelist
Cvelist
added 2014/02/04 4:0 p.m.26 views

CVE-2014-1471

SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System OTRS 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL...

8AI score0.01827EPSS
Exploits0References11
FreeBSD
FreeBSD
added 2012/08/22 12:0 a.m.31 views

otrs -- XSS vulnerability in Internet Explorer could lead to remote code execution

The OTRS Project reports: This advisory covers vulnerabilities discovered in the OTRS core system. Due to the XSS vulnerability in Internet Explorer an attacker could send a specially prepared HTML email to OTRS which would cause JavaScript code to be executed in your Internet Explorer while...

4.3CVSS6AI score0.04195EPSS
Exploits1References1
Rows per page
Query Builder