Filtered by vendor Otrs
Subscriptions
Total
152 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-19143 | 2 Debian, Otrs | 2 Debian Linux, Open Ticket Request System | 2024-11-21 | N/A |
Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete files via a modified submission form because upload caching is mishandled. | ||||
CVE-2018-19142 | 1 Otrs | 1 Open Ticket Request System | 2024-11-21 | N/A |
Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL. | ||||
CVE-2018-19141 | 2 Debian, Otrs | 2 Debian Linux, Open Ticket Request System | 2024-11-21 | N/A |
Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled. | ||||
CVE-2018-17883 | 1 Otrs | 1 Otrs | 2024-11-21 | 6.1 Medium |
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS. | ||||
CVE-2018-16587 | 2 Debian, Otrs | 2 Debian Linux, Open Ticket Request System | 2024-11-21 | N/A |
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to. | ||||
CVE-2018-16586 | 2 Debian, Otrs | 2 Debian Linux, Open Ticket Request System | 2024-11-21 | N/A |
In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged in user opens it, the email could cause the browser to load external image or CSS resources. | ||||
CVE-2018-14593 | 2 Debian, Otrs | 2 Debian Linux, Open Ticket Request System | 2024-11-21 | N/A |
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL. | ||||
CVE-2018-11563 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2024-11-21 | 4.6 Medium |
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer's browser in the context of the OTRS customer panel application. | ||||
CVE-2018-10198 | 1 Otrs | 1 Otrs | 2024-11-21 | N/A |
An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets. | ||||
CVE-2017-9324 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2024-11-21 | N/A |
In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end. | ||||
CVE-2017-9299 | 1 Otrs | 1 Otrs | 2024-11-21 | N/A |
Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software from 2014. The 3.3.20 release, for example, is not affected. | ||||
CVE-2017-17476 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2024-11-21 | N/A |
Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email. | ||||
CVE-2017-16921 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2024-11-21 | N/A |
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user. | ||||
CVE-2017-16854 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2024-11-21 | N/A |
In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets. | ||||
CVE-2017-16664 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2024-11-21 | N/A |
Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation. | ||||
CVE-2017-15864 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2024-11-21 | N/A |
In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password. | ||||
CVE-2017-14635 | 1 Otrs | 1 Otrs | 2024-11-21 | N/A |
In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection. | ||||
CVE-2016-9139 | 1 Otrs | 1 Otrs | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment. | ||||
CVE-2016-5843 | 1 Otrs | 1 Faq | 2024-11-21 | N/A |
Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters. | ||||
CVE-2014-9324 | 1 Otrs | 1 Otrs Help Desk | 2024-11-21 | N/A |
The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors. |