6 matches found
CVE-2018-16586
CVE-2018-16586 affects OTRS: Open Ticket Request System 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11. An attacker can send a malicious email that, when opened by a logged-in user, causes the browser to load external image or CSS resources. The issue is exploited via a crafted...
CVE-2018-19141
CVE-2018-19141 affects Open Ticket Request System (OTRS). The vulnerability is an XSS allowing an admin to manipulate a modified URL due to mishandled user and customer preferences, with impact limited to Contextual JavaScript execution in OTRS. Affected branches are OTRS 4.0.x before 4.0.33 and ...
CVE-2018-14593
CVE-2018-14593 affects Open Ticket Request System (OTRS) versions 6.0.x up to 6.0.9, 5.0.x up to 5.0.28, and 4.0.x up to 4.0.30. An attacker authenticated as an OTRS agent can escalate privileges by accessing a specially crafted URL. Multiple security advisories (Debian, openSUSE, SUSE, OpenVAS) ...
CVE-2018-19143
OTRS pre-4.0.33, pre-5.0.31, and pre-6.0.13 are affected by CVE-2018-19143. An authenticated user can delete arbitrary files via a tampered submission form due to improper upload caching. The issue is fixed in OTRS at least in 4.0.33, 5.0.31, and 6.0.13; upgrading to the respective patched releas...
CVE-2018-16587
The CVE-2018-16587 issue affects Open Ticket Request System (OTRS) on 4.0.x up to 4.0.32, 5.0.x up to 5.0.30, and 6.0.x up to 6.0.11. An attacker can send a crafted email; if a user with admin permissions opens it, the OTRS web server user’s write-accessible files can be deleted. This is triggere...
CVE-2018-19142
Open Ticket Request System (OTRS) 6.0.x before 6.0.13 is affected by a cross-site scripting (XSS) vulnerability that can be exploited via a modified URL. The issue, described in multiple sources (e.g., CVE-2018-19142), is achievable by an administrator and does not appear to be patched in version...