17 matches found
CVE-2026-8142
VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updates...
CVE-2026-48209 Reflected XSS in authenticated agent context
An improper neutralization of user-controllable input in OTRS or OTRS Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting XSS attacks via crafted request parameters associated with ticket actions. By injecting malicious JavaScript into...
EUVD-2026-33547
An improper neutralization of user-controllable input in OTRS or OTRS Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting XSS attacks via crafted request parameters associated with ticket actions. By injecting malicious JavaScript into...
PT-2026-45265
An improper neutralization of user-controllable input in OTRS or OTRS Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting XSS attacks via crafted request parameters associated with ticket actions. By injecting malicious JavaScript into...
EUVD-2026-28437
VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updates...
CVE-2026-8142
VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updates...
CVE-2026-8142 CVE-2026-8142
VINCE versions 3.0.38 and earlier do not properly verify the From address authenticity due to encoding confusion and use the from address for automated actions such as Ticket creation or Ticket updates...
CVE-2026-8142
Technical details are not publicly available in the provided documents. Monitor for updates.
PT-2026-38572
Name of the Vulnerable Software and Affected Versions VINCE versions 3.0.38 and earlier Description Encoding confusion prevents the proper verification of the authenticity of the From address. This allows the From address to be used for unauthorized automated actions, such as ticket creation or...
CVE-2024-6200
HaloITSM versions up to 2.146.1 are affected by a Stored Cross-Site Scripting XSS vulnerability. The injected JavaScript code can execute arbitrary action on behalf of the user accessing a ticket. HaloITSM versions past 2.146.1 and patches starting from 2.143.61 fix the mentioned vulnerability...
CVE-2023-1248
Improper Input Validation vulnerability in OTRS AG OTRS Ticket Actions modules, OTRS AG OTRS Community Edition Ticket Actions modules allows Cross-Site Scripting XSS.This issue affects OTRS: from 7.0.X before 7.0.42; OTRS Community Edition: from 6.0.1 through 6.0.34...
CVE-2023-1248
Improper Input Validation vulnerability in OTRS AG OTRS Ticket Actions modules, OTRS AG OTRS Community Edition Ticket Actions modules allows Cross-Site Scripting XSS.This issue affects OTRS: from 7.0.X before 7.0.42; OTRS Community Edition: from 6.0.1 through 6.0.34...
UBUNTU-CVE-2023-1248
Improper Input Validation vulnerability in OTRS AG OTRS Ticket Actions modules, OTRS AG OTRS Community Edition Ticket Actions modules allows Cross-Site Scripting XSS.This issue affects OTRS: from 7.0.X before 7.0.42; OTRS Community Edition: from 6.0.1 through 6.0.34...
CVE-2023-1248 Possible XSS in Ticket Actions
Improper Input Validation vulnerability in OTRS AG OTRS Ticket Actions modules, OTRS AG OTRS Community Edition Ticket Actions modules allows Cross-Site Scripting XSS.This issue affects OTRS: from 7.0.X before 7.0.42; OTRS Community Edition: from 6.0.1 through 6.0.34...
CVE-2023-1248
CVE-2023-1248 – Affected software and fix guidance : The vulnerability is an improper input validation flaw in OTRS/OTRS Community Edition’s Ticket Actions modules that enables Cross-Site Scripting (XSS). Affected products include OTRS 7.0.X (before 7.0.42) and OTRS Community Edition 6.0.1–6.0.34...
OTRS 跨站脚本漏洞
OTRS is an application from OTRS Germany. A service management software. A security vulnerability exists in OTRS AG OTRS Ticket Actions modules, OTRS AG OTRS Community Edition Ticket Actions modules, which stems from improper input validation of the product, and affects the following products and...
PT-2023-16838 · Otrs Ag +1 · Otrs +2
Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.41 OTRS Community Edition versions 6.0.1 through 6.0.34 Description: The issue is related to an Improper Input Validation vulnerability in the Ticket Actions modules of OTRS AG OTRS and OTRS AG OTRS Community...