2 matches found
CVE-2019-10066
Open Ticket Request System (OTRS) 7.x up to 7.0.6, Community Edition 6.0.x up to 6.0.17, and OTRSAppointmentCalendar 5.0.x up to 5.0.12 are affected by CVE-2019-10066. The issue allows an attacker who is logged in as an OTRS agent with appropriate permissions to craft a calendar appointment that ...
CVE-2019-9892
CVE-2019-9892 affects Open Ticket Request System (OTRS) versions 5.x (up to 5.0.34), 6.x (up to 6.0.17), and 7.x (up to 7.0.6). An agent with appropriate permissions can import a specially crafted Report Statistics XML, triggering an XML External Entity (XXE) processing flaw that may cause the sy...