Vulnerabilities
Vulnerable Software
Otrs:  >> Otrs  >> 7.0.19  Security Vulnerabilities
An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS.
CVSS Score
3.5
EPSS Score
0.005
Published
2022-09-05
A reply to a forwarded email article by a 3rd party could unintensionally expose the email content to the ticket customer under certain circumstances.
CVSS Score
3.5
EPSS Score
0.007
Published
2022-06-13
Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time.
CVSS Score
5.3
EPSS Score
0.008
Published
2022-06-13
When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number.
CVSS Score
3.5
EPSS Score
0.007
Published
2022-06-13
Specially crafted string in OTRS system configuration can allow the execution of any system command.
CVSS Score
6.4
EPSS Score
0.013
Published
2022-03-21
Malicious translator is able to inject JavaScript code in few translatable strings (where HTML is allowed). The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions.
CVSS Score
3.5
EPSS Score
0.004
Published
2022-03-21
Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled.
CVSS Score
4.3
EPSS Score
0.006
Published
2022-03-21
OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be exectued in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions.
CVSS Score
3.8
EPSS Score
0.005
Published
2022-02-07
Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.
CVSS Score
5.2
EPSS Score
0.008
Published
2021-07-26
Agents are able to list customer user emails without required permissions in the bulk action screen. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27.
CVSS Score
3.5
EPSS Score
0.009
Published
2021-07-26


Contact Us

Shodan ® - All rights reserved