Recently modified medium severity vulnerabilities for "otrs"

OTRSMissing CSRF protection

medium

4.8

First published (updated )

CVE-2025-24387

OTRSPossible XSS in Ticket Actions

medium

6.1

First published (updated )

CVE-2023-1248

OTRSSMTP Password will be shown in cleartext on some SMTP errors

medium

6.3

EPSS

0.04%

First published (updated )

CVE-2025-24389

OTRSMissing X-Content-Type-Options: nosniff Header Allows MIME Type Sniffing

medium

5.4

First published (updated )

CVE-2024-43445

OTRSMissing Cookie Flags

medium

6.8

EPSS

0.04%

First published (updated )

CVE-2025-24390

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

OTRSXSS

medium

6.1

First published (updated )

CVE-2018-17883

OTRSPossible XSS execution in customer information

medium

5.5

First published (updated )

CVE-2023-5421

OTRSXSS

medium

4.8

First published (updated )

CVE-2019-9751

OTRSXSS

medium

5.4

First published (updated )

CVE-2019-9752

OTRSInsufficient access control

medium

6.5

EPSS

0.05%

First published (updated )

CVE-2024-23792

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

OTRSTickets can be moved without permissions

medium

4.3

First published (updated )

CVE-2023-38058

OTRSXSS stored in survey answers

medium

5.4

First published (updated )

CVE-2023-38057

OTRSXSS in Survey Module

medium

4.8

First published (updated )

CVE-2021-21434

OTRSPossible XSS in Customer user address book

medium

5.4

First published (updated )

CVE-2020-1771

OTRSXSS attack using special link in email

medium

6.5

First published (updated )

CVE-2021-36092

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

OTRSInformation disclosure in the External Interface

medium

4.3

First published (updated )

CVE-2022-1004

OTRSPossible XSS attack via translation

medium

5.4

First published (updated )

CVE-2022-0475

OTRSFAQ articles are shown to users without permission

medium

4.3

First published (updated )

CVE-2021-21438

OTRSAutocomplete in the form login screens

medium

4.3

First published (updated )

CVE-2020-1769

OTRSThe CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote auth…

medium

6.5

First published (updated )

CVE-2008-7279

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

OTRSAgent names disclosed in chat feature

medium

5.3

First published (updated )

CVE-2020-1777

OTRSInvalidating or changing user does not invalidate session

medium

4.3

First published (updated )

CVE-2020-1776

OTRSImproper handling of uploaded inline images

medium

6.1

First published (updated )

CVE-2020-1766

OTRSThe S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE…

medium

5

First published (updated )

CVE-2009-5057

OTRSInput Validation

medium

4.3

First published (updated )

CVE-2010-4766

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

OTRSAgents are able to lock the ticket without the "Owner" permission

medium

4.3

First published (updated )

CVE-2021-36097

OTRSInformation exposure in PDF export

medium

6.5

First published (updated )

CVE-2021-21435

OTRSInformation disclosure in external interface

medium

4.3

First published (updated )

CVE-2020-1775

OTRSThe customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 d…

medium

4

First published (updated )

CVE-2010-4761

OTRSSpoofing of From field in several screens

medium

5.3

First published (updated )

CVE-2020-1765

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Trending

Versions

OTRSMissing CSRF protection

OTRSPossible XSS in Ticket Actions

OTRSSMTP Password will be shown in cleartext on some SMTP errors

OTRSMissing X-Content-Type-Options: nosniff Header Allows MIME Type Sniffing

OTRSMissing Cookie Flags

Never miss a vulnerability like this again

OTRSXSS

OTRSPossible XSS execution in customer information

OTRSXSS

OTRSXSS

OTRSInsufficient access control

Never miss a vulnerability like this again

OTRSTickets can be moved without permissions

OTRSXSS stored in survey answers

OTRSXSS in Survey Module

OTRSPossible XSS in Customer user address book

OTRSXSS attack using special link in email

Never miss a vulnerability like this again

OTRSInformation disclosure in the External Interface

OTRSPossible XSS attack via translation

OTRSFAQ articles are shown to users without permission

OTRSAutocomplete in the form login screens

OTRSThe CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote auth…

Never miss a vulnerability like this again

OTRSAgent names disclosed in chat feature

OTRSInvalidating or changing user does not invalidate session

OTRSImproper handling of uploaded inline images

OTRSThe S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE…

OTRSInput Validation

Never miss a vulnerability like this again

OTRSAgents are able to lock the ticket without the "Owner" permission

OTRSInformation exposure in PDF export

OTRSInformation disclosure in external interface

OTRSThe customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 d…

OTRSSpoofing of From field in several screens

Never miss a vulnerability like this again

Company

Resources

Contact