Otrs

Otrs

138 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2017-9324

  • EPSS 1.36%
  • Veröffentlicht 12.06.2017 06:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all...

6.1

CVE-2017-9299

Exploit
  • EPSS 0.26%
  • Veröffentlicht 29.05.2017 19:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in soft...

6.1

CVE-2016-9139

  • EPSS 0.23%
  • Veröffentlicht 17.02.2017 02:59:13
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment.

4.3

CVE-2014-2554

  • EPSS 0.23%
  • Veröffentlicht 23.04.2014 15:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element.

3.5

CVE-2014-2553

  • EPSS 0.19%
  • Veröffentlicht 02.04.2014 16:05:57
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fie...

4.3

CVE-2014-1695

Exploit
  • EPSS 3.63%
  • Veröffentlicht 01.03.2014 00:01:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email.

7.5

CVE-2014-1471

  • EPSS 1.62%
  • Veröffentlicht 04.02.2014 21:55:05
  • Zuletzt bearbeitet 11.04.2025 00:51:21

SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands...

6.8

CVE-2014-1694

Exploit
  • EPSS 0.58%
  • Veröffentlicht 04.02.2014 21:55:05
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3...

4.3

CVE-2012-4751

Exploit
  • EPSS 9.86%
  • Veröffentlicht 22.10.2012 16:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with w...

2.6

CVE-2012-4600

Exploit
  • EPSS 1.23%
  • Veröffentlicht 31.08.2012 14:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML v...