Lucene search
+L
OtrsOpen Ticket Request System

6 matches found

CVE
CVE
added 2018/09/28 12:0 a.m.77 views

CVE-2018-16586

CVE-2018-16586 affects OTRS: Open Ticket Request System 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11. An attacker can send a malicious email that, when opened by a logged-in user, causes the browser to load external image or CSS resources. The issue is exploited via a crafted...

4.3CVSS5.2AI score0.01485EPSS
CVE
CVE
added 2018/11/11 5:0 a.m.77 views

CVE-2018-19141

CVE-2018-19141 affects Open Ticket Request System (OTRS). The vulnerability is an XSS allowing an admin to manipulate a modified URL due to mishandled user and customer preferences, with impact limited to Contextual JavaScript execution in OTRS. Affected branches are OTRS 4.0.x before 4.0.33 and ...

4.8CVSS5.2AI score0.00673EPSS
CVE
CVE
added 2018/08/03 4:0 p.m.75 views

CVE-2018-14593

CVE-2018-14593 affects Open Ticket Request System (OTRS) versions 6.0.x up to 6.0.9, 5.0.x up to 5.0.28, and 4.0.x up to 4.0.30. An attacker authenticated as an OTRS agent can escalate privileges by accessing a specially crafted URL. Multiple security advisories (Debian, openSUSE, SUSE, OpenVAS) ...

8.8CVSS8.5AI score0.019EPSS
CVE
CVE
added 2018/11/11 5:0 a.m.73 views

CVE-2018-19143

OTRS pre-4.0.33, pre-5.0.31, and pre-6.0.13 are affected by CVE-2018-19143. An authenticated user can delete arbitrary files via a tampered submission form due to improper upload caching. The issue is fixed in OTRS at least in 4.0.33, 5.0.31, and 6.0.13; upgrading to the respective patched releas...

6.5CVSS6.1AI score0.00861EPSS
CVE
CVE
added 2018/09/28 12:0 a.m.67 views

CVE-2018-16587

The CVE-2018-16587 issue affects Open Ticket Request System (OTRS) on 4.0.x up to 4.0.32, 5.0.x up to 5.0.30, and 6.0.x up to 6.0.11. An attacker can send a crafted email; if a user with admin permissions opens it, the OTRS web server user’s write-accessible files can be deleted. This is triggere...

6.5CVSS6.5AI score0.01754EPSS
CVE
CVE
added 2018/11/11 5:0 a.m.49 views

CVE-2018-19142

Open Ticket Request System (OTRS) 6.0.x before 6.0.13 is affected by a cross-site scripting (XSS) vulnerability that can be exploited via a modified URL. The issue, described in multiple sources (e.g., CVE-2018-19142), is achievable by an administrator and does not appear to be patched in version...

4.8CVSS4.8AI score0.00547EPSS