342 matches found
UBUNTU-CVE-2017-9324
In Open Ticket Request System OTRS 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URL...
CVE-2017-9324
The CVE-2017-9324 issue affects OTRS versions 3.3.x (up to 3.3.16), 4.x (up to 4.0.23), and 5.x (up to 5.0.19). A user with agent permissions can open a crafted URL (index.pl?Action=Installer with ;Subaction=Intro/Start/System) to gain administrative privileges, then read and modify all system se...
Design/Logic Flaw
Open Ticket Request System OTRS 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=XSS and Direction=XSS attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is n...
CVE-2017-9299
CVE-2017-9299 concerns Open Ticket Request System (OTRS) 3.3.9 with a cross-site scripting vulnerability in the web interface. The vulnerable vector is the index.pl?Action=AgentStats requests, exploitable via crafted OrderBy and Direction parameters to inject script or HTML. The vulnerability is ...
CVE-2016-9139
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment...
CVE-2016-9139
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment...
UBUNTU-CVE-2016-9139
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment...
CVE-2016-9139
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment...
CVE-2016-5843
Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System OTRS allow remote attackers to execute arbitrary SQL commands via crafted search parameters...
ALPINE-CVE-2016-5843
Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System OTRS allow remote attackers to execute arbitrary SQL commands via crafted search parameters...
Debian Security Advisory DSA 3124-1 (otrs2 - security update)
Thorsten Eckel of Znuny GMBH and Remo Staeuble of InfoGuard discovered a privilege escalation vulnerability in otrs2, the Open Ticket Request System. An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is...
DEBIAN-CVE-2014-2553
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields...
CVE-2014-2553
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields...
CVE-2014-2553
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields...
CVE-2014-2553
CVE-2014-2553 affects OTRS up to versions before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6. The vulnerability is a cross-site scripting (XSS) flaw in dynamic fields that allows a remote authenticated user to inject arbitrary web script or HTML. The condition is based on how dynamic fiel...
CVE-2014-2553
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields...
DEBIAN-CVE-2014-1695
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email...
CVE-2014-1695
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email...
CVE-2014-1695
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email...
Cross site scripting
Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email...