CVE-2017-9299
- EPSS 0.77%
- Veröffentlicht 29.05.2017 19:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in soft...
CVE-2016-9139
- EPSS 0.82%
- Veröffentlicht 17.02.2017 02:59:13
- Zuletzt bearbeitet 13.05.2026 00:24:29
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment.
CVE-2014-2554
- EPSS 1.48%
- Veröffentlicht 23.04.2014 15:55:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element.
CVE-2014-2553
- EPSS 1.45%
- Veröffentlicht 02.04.2014 16:05:57
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fie...
CVE-2014-1695
- EPSS 4.91%
- Veröffentlicht 01.03.2014 00:01:08
- Zuletzt bearbeitet 29.04.2026 01:13:23
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email.
CVE-2014-1471
- EPSS 1.83%
- Veröffentlicht 04.02.2014 21:55:05
- Zuletzt bearbeitet 29.04.2026 01:13:23
SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands...
CVE-2014-1694
- EPSS 1.48%
- Veröffentlicht 04.02.2014 21:55:05
- Zuletzt bearbeitet 29.04.2026 01:13:23
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3...
CVE-2012-4751
- EPSS 5.79%
- Veröffentlicht 22.10.2012 16:55:01
- Zuletzt bearbeitet 16.06.2026 23:45:40
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with w...
CVE-2012-4600
- EPSS 6.35%
- Veröffentlicht 31.08.2012 14:55:01
- Zuletzt bearbeitet 16.06.2026 23:45:28
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML v...
CVE-2012-2582
- EPSS 4.2%
- Veröffentlicht 23.08.2012 10:32:14
- Zuletzt bearbeitet 16.06.2026 23:41:43
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow r...