Otrs

Otrs

139 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
2.6

CVE-2010-4071

  • EPSS 0.45%
  • Veröffentlicht 20.01.2011 19:00:05
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail.

5

CVE-2010-3476

  • EPSS 1.41%
  • Veröffentlicht 20.09.2010 22:00:04
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) v...

3.5

CVE-2010-2080

  • EPSS 0.22%
  • Veröffentlicht 20.09.2010 21:00:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

6.5

CVE-2010-0438

  • EPSS 0.86%
  • Veröffentlicht 09.02.2010 19:30:00
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitra...

6.4

CVE-2008-1515

  • EPSS 0.71%
  • Veröffentlicht 01.04.2008 17:44:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks."

4.3

CVE-2007-2524

Exploit
  • EPSS 5.8%
  • Veröffentlicht 08.05.2007 23:19:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 origina...

7.5

CVE-2005-3893

Exploit
  • EPSS 12.37%
  • Veröffentlicht 29.11.2005 21:03:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the L...

4.3

CVE-2005-3894

Exploit
  • EPSS 8.21%
  • Veröffentlicht 29.11.2005 21:03:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the...

5.8

CVE-2005-3895

  • EPSS 1.27%
  • Veröffentlicht 29.11.2005 21:03:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, whi...