CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39051 – Perl Code execution in Template Toolkit
https://notcve.org/view.php?id=CVE-2022-39051
05 Sep 2022 — Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package El atacante podría ser capaz de ejecutar código Perl malicioso en el kit de herramientas Template, haciendo que el administrador instale un paquete de 3ª parte no verificado • https://otrs.com/release-notes/otrs-security-advisory-2022-12 • CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39050 – Possible XSS stored in customer information
https://notcve.org/view.php?id=CVE-2022-39050
05 Sep 2022 — An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external data sources e.g. database or ldap Un atacante que haya iniciado sesión en OTRS como usuario administrador puede manipular el campo de la URL del cliente para almacenar código JavaScript que será ejecutado posteriorm... • https://otrs.com/release-notes/otrs-security-advisory-2022-11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 1%CPEs: 3EXPL: 0CVE-2022-39049 – Possible XSS in Admin Interface
https://notcve.org/view.php?id=CVE-2022-39049
05 Sep 2022 — An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. Un atacante que haya iniciado sesión en OTRS como usuario administrador puede manipular la URL para causar una ejecución de JavaScript en el contexto de OTRS • https://otrs.com/release-notes/otrs-security-advisory-2022-10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2021-36100 – Authenticated remote code execution
https://notcve.org/view.php?id=CVE-2021-36100
21 Mar 2022 — Specially crafted string in OTRS system configuration can allow the execution of any system command. Una cadena especialmente diseñada en la configuración del sistema OTRS puede permitir la ejecución de cualquier comando del sistema • https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-36096 – Support Bundle includes S/Mime and PGP secret or PIN
https://notcve.org/view.php?id=CVE-2021-36096
06 Sep 2021 — Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions. Unos Paquetes de Soporte Generados contienen claves privadas S/MIME y PGP si la carpeta que los contiene no está oculta. Este problema afecta a: OTRS AG ((OTRS)) Community Edition versión 6.0.x, versión 6.0.1 y versiones po... • https://otrs.com/release-notes/otrs-security-advisory-2021-10 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-36095 – User enumeration issue using "lost password" feature
https://notcve.org/view.php?id=CVE-2021-36095
06 Sep 2021 — Malicious attacker is able to find out valid user logins by using the "lost password" feature. This issue affects: OTRS AG ((OTRS)) Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions. Un atacante malicioso es capaz de averiguar los inicios de sesión válidos de usuarios al usar la funcionalidad "lost password". Este problema afecta a: OTRS AG ((OTRS)) Community Edition versión 6.0.1 y versiones posteriores. • https://otrs.com/release-notes/otrs-security-advisory-2021-18 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-36094 – XSS attack in appointment edit popup screen
https://notcve.org/view.php?id=CVE-2021-36094
06 Sep 2021 — It's possible to craft a request for appointment edit screen, which could lead to the XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions. Es posible diseñar una petición para la pantalla de edición de citas, lo que podría conllevar a un ataque de tipo XSS. Este problema afecta a: OTRS AG ((OTRS)) Community Edition versión 6.0.x, versión 6.0.1 y versiones posteriores. • https://otrs.com/release-notes/otrs-security-advisory-2021-17 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-36093 – DoS attack using PostMaster filters
https://notcve.org/view.php?id=CVE-2021-36093
06 Sep 2021 — It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions. Es posible crear un correo electrónico que puede atascarse mientras es procesado por los filtros PostMaster, causando DoS. Este problema afecta a: OTRS AG ((OTRS)) Community Edition versión 6.0.x, versión 6.0.1 y... • https://otrs.com/release-notes/otrs-security-advisory-2021-16 • CWE-185: Incorrect Regular Expression •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2013-4718
https://notcve.org/view.php?id=CVE-2013-4718
09 Aug 2021 — Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search. Una vulnerabilidad de tipo Cross-site scripting (XSS) en Open Ticket Request System (OTRS) ITSM versiones 3.0.x anteriores a 3.0.9, versiones 3.1.x anteriores a 3.1.10 y versiones 3.2.x anteriores a 3.2.7, permite a usuarios autenticados remotos inyectar script... • https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-36092 – XSS attack using special link in email
https://notcve.org/view.php?id=CVE-2021-36092
26 Jul 2021 — It's possible to create an email which contains specially crafted link and it can be used to perform XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition:6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions. Es posible crear un correo electrónico que contenga un enlace especialmente diseñado y que pueda ser usado para llevar a cabo un ataque de tipo XSS. Este problema afecta a: OTRS AG ((OTRS)) Community Edition:... • https://otrs.com/release-notes/otrs-security-advisory-2021-15 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •