2 matches found
CVE-2025-10696
OpenSupports exposes an endpoint that allows the list of 'supervised users' for any account to be edited, but it does not validate whether the actor is the owner of that list. A Level 1 staff member can modify the supervision relationship of a third party the target user, who can then view the...
PT-2024-37700 · Otrs · Otrs
Name of the Vulnerable Software and Affected Versions: OTRS versions 8.0.X through 2024.4.x OTRS version 2023.X Description: The issue is related to improper filtering of fields when using the export function in the ticket overview of the external interface in OTRS. This could allow an authorized...