3 matches found
EUVD-2021-22727
Malware in sbrugna...
CVE-2025-24388 Unsafe handling of AJAX calls
A vulnerability in the OTRS Admin Interface and Agent Interface versions before OTRS 8 allow parameter injection due to for an autheniticated agent or admin user. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023.X OTRS 2024.X OTRS 2025.X OTRS Community Edition: 6.0.x Products based on the OTRS...
CVE-2025-24387 Missing CSRF protection
A vulnerability in OTRS Application Server allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. A request to an OTRS endpoint from a possible malicious web site, would send the authentication cookie, performing an unwanted read operation. This issue...