CVE-2010-2080
- EPSS 1.5%
- Veröffentlicht 20.09.2010 21:00:01
- Zuletzt bearbeitet 16.06.2026 23:19:56
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0438
- EPSS 1.93%
- Veröffentlicht 09.02.2010 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:16:10
Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitra...
CVE-2008-1515
- EPSS 2.02%
- Veröffentlicht 01.04.2008 17:44:00
- Zuletzt bearbeitet 16.06.2026 22:51:53
The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks."
CVE-2007-2524
- EPSS 4.54%
- Veröffentlicht 08.05.2007 23:19:00
- Zuletzt bearbeitet 16.06.2026 22:39:46
Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 origina...
CVE-2005-3893
- EPSS 7.17%
- Veröffentlicht 29.11.2005 21:03:00
- Zuletzt bearbeitet 16.06.2026 22:17:49
Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the L...
CVE-2005-3894
- EPSS 6.25%
- Veröffentlicht 29.11.2005 21:03:00
- Zuletzt bearbeitet 16.06.2026 22:17:50
Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the...
CVE-2005-3895
- EPSS 2.05%
- Veröffentlicht 29.11.2005 21:03:00
- Zuletzt bearbeitet 16.06.2026 22:17:50
Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, whi...