Lucene search
K

16 matches found

CVE
CVE
added 2026/06/01 3:32 a.m.27 views

CVE-2026-48209

OTRS Community Edition 7.0.x is vulnerable to reflected XSS due to improper neutralization of user-controllable input in ticket handling. Attackers who are authenticated can exploit crafted request parameters in ticket actions to inject JavaScript via manipulated request URLs, executing code in t...

7.1CVSS6AI score0.00219EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-36094

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It's possible to craft a request for appointment edit screen, which could lead to the XSS attack. This issue affects: OTRS AG OTRS Community Edition 6.0.x versi...

5.7CVSS5.7AI score0.0059EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-1766

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from...

6.1CVSS5.7AI score0.01273EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/01/28 12:23 a.m.4 views

SUSE CVE-2024-43445

A vulnerability exists in OTRS and OTRS Community Edition that fail to set the HTTP response header X-Content-Type-Options to nosniff. An attacker could exploit this vulnerability by uploading or inserting content that would be treated as a different MIME type than intended. This issue affects:...

5.4CVSS6.8AI score0.00224EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.3 views

PT-2023-32094 · Openssl +2 · Openssl +2

Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.46 OTRS versions 8.0.X through 8.0.36 OTRS Community Edition versions 6.0.X through 6.0.34 Description: The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static S...

9.8CVSS4.9AI score0.01273EPSS
Exploits0References31
OSV
OSV
added 2023/03/20 9:15 a.m.4 views

CVE-2023-1248

Improper Input Validation vulnerability in OTRS AG OTRS Ticket Actions modules, OTRS AG OTRS Community Edition Ticket Actions modules allows Cross-Site Scripting XSS.This issue affects OTRS: from 7.0.X before 7.0.42; OTRS Community Edition: from 6.0.1 through 6.0.34...

6.1CVSS5.8AI score0.00431EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:4 a.m.3 views

SUSE CVE-2020-1768

The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS 7.0.x version 7.0.14 and prior versions...

5.5CVSS5.5AI score0.00747EPSS
Exploits0References3
NCSC
NCSC
added 2022/10/17 12:0 a.m.4 views

Vulnerabilities fixed in OTRS

OTRS developers have fixed vulnerabilities in OTRS 7 and 8. A malicious party could exploit them to perform a denial-of-service DoS or to gain access to sensitive data. To perform the denial-of-service, the malicious need not be remotely authenticated. OTRS has released updates to fix the...

7.5CVSS6.9AI score0.00562EPSS
Exploits0
OSV
OSV
added 2022/03/21 10:15 a.m.4 views

CVE-2022-0475

Malicious translator is able to inject JavaScript code in few translatable strings where HTML is allowed. The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions...

5.4CVSS5.8AI score0.0043EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/10/14 12:0 a.m.2 views

PT-2023-16838 · Otrs Ag +1 · Otrs +2

Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.41 OTRS Community Edition versions 6.0.1 through 6.0.34 Description: The issue is related to an Improper Input Validation vulnerability in the Ticket Actions modules of OTRS AG OTRS and OTRS AG OTRS Community...

9.8CVSS4.8AI score0.01273EPSS
Exploits0References34
OSV
OSV
added 2021/09/06 2:15 p.m.2 views

CVE-2021-36093

It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions...

5.3CVSS5.8AI score0.01108EPSS
Exploits0References1
OSV
OSV
added 2021/07/26 5:15 a.m.3 views

DEBIAN-CVE-2021-21443

Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG OTRS Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27...

4.3CVSS5.5AI score0.0085EPSS
Exploits0References1
OSV
OSV
added 2021/07/26 5:15 a.m.7 views

CVE-2021-36092

It's possible to create an email which contains specially crafted link and it can be used to perform XSS attack. This issue affects: OTRS AG OTRS Community Edition:6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior version...

6.1CVSS5.8AI score0.00717EPSS
Exploits0References1
OSV
OSV
added 2021/06/14 8:15 a.m.1 views

UBUNTU-CVE-2021-21439

DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS...

6.5CVSS6.1AI score0.00976EPSS
Exploits0References3
OSV
OSV
added 2021/02/08 11:15 a.m.2 views

UBUNTU-CVE-2021-21435

Article Bcc fields and agent personal information are shown when customer prints the ticket PDF via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions...

6.5CVSS5.8AI score0.01273EPSS
Exploits0References3
OSV
OSV
added 2020/01/10 3:15 p.m.1 views

DEBIAN-CVE-2020-1766

Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. This issue affects: OTRS Community Edition 5.0.x version 5.0.39 and prior...

6.1CVSS5.2AI score0.01273EPSS
Exploits0References1
Rows per page
Query Builder