342 matches found
Design/Logic Flaw
An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn'...
PT-2020-9940 · Otrs +2 · Otrs +2
Name of the Vulnerable Software and Affected Versions: Open Ticket Request System OTRS versions 7.0.x through 7.0.12 Open Ticket Request System OTRS Community Edition versions 5.0.x through 5.0.38 Open Ticket Request System OTRS Community Edition versions 6.0.x through 6.0.23 Description: An issu...
DEBIAN-CVE-2019-18180
Improper Check for filenames with overly long extensions in PostMaster sending in email or uploading files e.g. attaching files to mails of OTRS Community Edition and OTRS allows an remote attacker to cause an endless loop. This issue affects: OTRS AG: OTRS Community Edition 5.0.x version 5.0.38...
CVE-2019-12746
An issue was discovered in Open Ticket Request System OTRS Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. A user logged into OTRS as an agent might unknowingly disclose their session ID by sharing the link of an embedded ticket article with third parties. This identifier can be...
CVE-2019-13458
An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to...
CVE-2019-13458
An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to...
DEBIAN-CVE-2019-13458
An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to...
Design/Logic Flaw
An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to...
UBUNTU-CVE-2019-12746
An issue was discovered in Open Ticket Request System OTRS Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. A user logged into OTRS as an agent might unknowingly disclose their session ID by sharing the link of an embedded ticket article with third parties. This identifier can be...
CVE-2019-13458
An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to...
Design/Logic Flaw
An issue was discovered in Open Ticket Request System OTRS 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer's browser in the context of the OTRS customer panel application...
UBUNTU-CVE-2018-11563
An issue was discovered in Open Ticket Request System OTRS 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer's browser in the context of the OTRS customer panel application...
PT-2019-8786 · Otrs · Otrs
Name of the Vulnerable Software and Affected Versions: Open Ticket Request System OTRS versions 6.0.x through 6.0.7 Description: An issue was discovered where a carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged-in customer's browse...
CVE-2019-12248
An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. An attacker could send a malicious email to an OTRS system. If a logged-in agent user quotes it, the email could cause the browser to...
CVE-2019-12497
An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents e.g., Name and mail address can be disclosed in external notes...
CVE-2019-12497
CVE-2019-12497 affects Open Ticket Request System (OTRS) 7.0.x up to 7.0.8, Community Edition 6.0.x up to 6.0.19, and Community Edition 5.0.x up to 5.0.36. Description: in the customer/external frontend, personal information of agents (e.g., name and email address) could be disclosed in external ...
CVE-2019-9753
An issue was discovered in Open Ticket Request System OTRS 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ...
DEBIAN-CVE-2019-9892
An issue was discovered in Open Ticket Request System OTRS 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of...
UBUNTU-CVE-2019-10066
An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment ...
UBUNTU-CVE-2019-9892
An issue was discovered in Open Ticket Request System OTRS 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of...