Page 15 of 149 results (0.005 seconds)

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2019-13458

https://notcve.org/view.php?id=CVE-2019-13458

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to disclose hashed user passwords. Se descubrió un problema en Open Ticket Request System (OTRS) 7.0.x hasta 7.0.8, y Community Edition 5.0.x hasta 5.0.36 y 6.0.x hasta 6.0.19. Un atacante que haya iniciado sesión en OTRS como un usuario agente con los permisos apropiados puede aprovechar las etiquetas de notificación de OTRS en las plantillas para revelar las contraseñas de usuario con hash. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html https://community.otrs.com/security-advisory-2019-12-security-update-for-otrs-framework https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html https://www.otrs.com/category/release-and-security-notes •

CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0

CVE-2018-11563

https://notcve.org/view.php?id=CVE-2018-11563

An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged in customer's browser in the context of the OTRS customer panel application. Se detectó un problema en Open Ticket Request System (OTRS) versión 6.0.x hasta 6.0.7. Un correo electrónico cuidadosamente construido podría ser utilizado para inyectar y ejecutar hojas de estilo o código JavaScript en un navegador del cliente que haya iniciado sesión en el contexto de la aplicación del panel de cliente de OTRS. • https://community.otrs.com/security-advisory-2018-02-security-update-for-otrs-framework https://lists.debian.org/debian-lts-announce/2019/08/msg00018.html https://lists.otrs.org/pipermail/announce/2018/000720.html https://www.otrs.com/category/release-and-security-notes-en •

CVSS: 5.3EPSS: 1%CPEs: 4EXPL: 0

CVE-2019-12497

https://notcve.org/view.php?id=CVE-2019-12497

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents (e.g., Name and mail address) can be disclosed in external notes. Se descubrió un problema en Open Ticket Request System (OTRS) 7.0.x hasta 7.0.8, Community Edition 6.0.x hasta 6.0.19 y Community Edition 5.0.x hasta 5.0.36. En el cliente o en la interfaz externa, la información personal de los agentes (por ejemplo, Nombre y dirección de correo) se puede divulgar en notas externas. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html https://community.otrs.com/category/security-advisories-en https://lists.debian.org/debian-lts-announce/2019/06/msg00004.html https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2019-12248

https://notcve.org/view.php?id=CVE-2019-12248

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. An attacker could send a malicious email to an OTRS system. If a logged-in agent user quotes it, the email could cause the browser to load external image resources. Se descubrió un problema en Open Ticket Request System (OTRS) 7.0.x hasta 7.0.7, Community Edition 6.0.x hasta 6.0.19 y Community Edition 5.0.x hasta 5.0.36. Un atacante podría enviar un correo electrónico malicioso a un sistema OTRS. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00077.html https://lists.debian.org/debian-lts-announce/2019/06/msg00004.html https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html https://www.otrs.com/category/release-and-security-notes-en •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-9753

https://notcve.org/view.php?id=CVE-2019-9753

An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ Articles, Service Catalogue Items, ITSM Configuration Items. Se descubrió un problema en Open Ticket Request System (OTRS) 7.x anterior de la versión 7.0.5. Un atacante que haya iniciado sesión en OTRS como agente o usuario cliente puede usar las pantallas de resultados de búsqueda para revelar información de entidades del sistema no válidas. • https://community.otrs.com/security-advisory-2019-03-security-update-for-otrs-framework • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •