CVE-2017-14635
- EPSS 0.73%
- Published 21.09.2017 13:29:00
- Last modified 13.05.2026 00:24:29
In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection.
CVE-2017-9324
- EPSS 1.36%
- Published 12.06.2017 06:29:00
- Last modified 13.05.2026 00:24:29
In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all...
CVE-2017-9299
- EPSS 0.26%
- Published 29.05.2017 19:29:00
- Last modified 13.05.2026 00:24:29
Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in soft...
CVE-2016-9139
- EPSS 0.23%
- Published 17.02.2017 02:59:13
- Last modified 13.05.2026 00:24:29
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment.
CVE-2014-2554
- EPSS 0.23%
- Published 23.04.2014 15:55:04
- Last modified 06.05.2026 22:30:45
OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element.
CVE-2014-2553
- EPSS 0.19%
- Published 02.04.2014 16:05:57
- Last modified 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fie...
CVE-2014-1695
- EPSS 3.63%
- Published 01.03.2014 00:01:08
- Last modified 29.04.2026 01:13:23
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email.
CVE-2014-1471
- EPSS 1.62%
- Published 04.02.2014 21:55:05
- Last modified 29.04.2026 01:13:23
SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands...
CVE-2014-1694
- EPSS 0.58%
- Published 04.02.2014 21:55:05
- Last modified 29.04.2026 01:13:23
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3...
CVE-2012-4751
- EPSS 5.55%
- Published 22.10.2012 16:55:01
- Last modified 29.04.2026 01:13:23
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with w...