Latest medium severity vulnerabilities for "otrs" 7.0.0

OTRSInsufficient access control

medium

6.5

EPSS

0.05%

First published (updated )

CVE-2024-23792

OTRSInfoleak

medium

5.3

First published (updated )

CVE-2023-38059

OTRSPossible XSS execution in customer information

medium

5.5

First published (updated )

CVE-2023-5421

OTRSXSS stored in survey answers

medium

5.4

First published (updated )

CVE-2023-38057

OTRSPossible XSS in Ticket Actions

medium

6.1

First published (updated )

CVE-2023-1248

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

OTRSPossible XSS stored in customer information

medium

4.8

First published (updated )

CVE-2022-39050

OTRSPossible XSS in Admin Interface

medium

4.8

First published (updated )

CVE-2022-39049

OTRSInformation disclosure in Request New Password feature

medium

5.3

First published (updated )

CVE-2022-32741

OTRSInformation disclosure in the External Interface

medium

5.3

First published (updated )

CVE-2022-32740

Otrs Calendar Resource PlanningOTRS version number is always in the exported ICS files

medium

5.3

First published (updated )

CVE-2022-32739

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

OTRSInformation disclosure in the External Interface

medium

4.3

First published (updated )

CVE-2022-1004

OTRSPossible XSS attack via translation

medium

5.4

First published (updated )

CVE-2022-0475

OTRSDynamic field error message is vulnerable to XSS

medium

4.8

First published (updated )

CVE-2022-0473

OTRSUser enumeration issue using "lost password" feature

medium

5.3

First published (updated )

CVE-2021-36095

OTRSDoS attack using PostMaster filters

medium

5.3

First published (updated )

CVE-2021-36093

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

OTRSXSS attack in appointment edit popup screen

medium

5.7

First published (updated )

CVE-2021-36094

OTRSSupport Bundle includes S/Mime and PGP secret or PIN

medium

5.2

First published (updated )

CVE-2021-36096

OTRSXSS attack using special link in email

medium

6.5

First published (updated )

CVE-2021-36092

OTRSUnautorized access to the calendar appointments

medium

4.3

First published (updated )

CVE-2021-36091

OTRSUnautorized listing of the customer user emails

medium

4.3

First published (updated )

CVE-2021-21443

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

OTRSSupport Bundle includes S/Mime and PGP keys

medium

6.5

First published (updated )

CVE-2021-21440

OTRSPossible DoS attack using a special crafted URL in email body

medium

6.5

First published (updated )

CVE-2021-21439

OTRSFAQ articles are shown to users without permission

medium

4.3

First published (updated )

CVE-2021-21438

OTRSXSS in Survey Module

medium

4.8

First published (updated )

CVE-2021-21434

OTRSInformation exposure in PDF export

medium

6.5

First published (updated )

CVE-2021-21435

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

OTRSDynamic templates reveal sensitive data when OTRS tags are used

medium

4.9

First published (updated )

CVE-2020-1779

OTRSAgent names disclosed in chat feature

medium

5.3

First published (updated )

CVE-2020-1777

OTRSInvalidating or changing user does not invalidate session

medium

4.3

First published (updated )

CVE-2020-1776

OTRSInformation disclosure in external interface

medium

4.3

First published (updated )

CVE-2020-1775

OTRSInformation disclosure

medium

4.9

First published (updated )

CVE-2020-1774

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

OTRSInsufficient access control

OTRSInfoleak

OTRSPossible XSS execution in customer information

OTRSXSS stored in survey answers

OTRSPossible XSS in Ticket Actions

Never miss a vulnerability like this again

OTRSPossible XSS stored in customer information

OTRSPossible XSS in Admin Interface

OTRSInformation disclosure in Request New Password feature

OTRSInformation disclosure in the External Interface

Otrs Calendar Resource PlanningOTRS version number is always in the exported ICS files

Never miss a vulnerability like this again

OTRSInformation disclosure in the External Interface

OTRSPossible XSS attack via translation

OTRSDynamic field error message is vulnerable to XSS

OTRSUser enumeration issue using "lost password" feature

OTRSDoS attack using PostMaster filters

Never miss a vulnerability like this again

OTRSXSS attack in appointment edit popup screen

OTRSSupport Bundle includes S/Mime and PGP secret or PIN

OTRSXSS attack using special link in email

OTRSUnautorized access to the calendar appointments

OTRSUnautorized listing of the customer user emails

Never miss a vulnerability like this again

OTRSSupport Bundle includes S/Mime and PGP keys

OTRSPossible DoS attack using a special crafted URL in email body

OTRSFAQ articles are shown to users without permission

OTRSXSS in Survey Module

OTRSInformation exposure in PDF export

Never miss a vulnerability like this again

OTRSDynamic templates reveal sensitive data when OTRS tags are used

OTRSAgent names disclosed in chat feature

OTRSInvalidating or changing user does not invalidate session

OTRSInformation disclosure in external interface

OTRSInformation disclosure

Never miss a vulnerability like this again

Company

Resources

Contact