CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2013-4717 – Debian Security Advisory 2733-1
https://notcve.org/view.php?id=CVE-2013-4717
05 Aug 2013 — Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm. Múltiples vulnerabilidades de inyección S... • https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2013-4088 – Mandriva Linux Security Advisory 2013-188
https://notcve.org/view.php?id=CVE-2013-4088
20 Jun 2013 — Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. El archivo Kernel/Modules/AgentTicketWatcher.pm en Open Ticket Request System (OTRS) versiones 3.0.x anteriores a 3.0.21, versiones 3.1.x anteriores a 3.1.17, y versiones 3.2.x anteriores a 3.2.8, no... • http://advisories.mageia.org/MGASA-2013-0196.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2013-3551 – Debian Security Advisory 2696-1
https://notcve.org/view.php?id=CVE-2013-3551
29 May 2013 — Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. El archivo Kernel/Modules/AgentTicketPhone.pm en Open Ticket Request System (OTRS) versiones 3.0.x anteriores a 3.0.20, ver... • http://advisories.mageia.org/MGASA-2013-0196.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 9%CPEs: 54EXPL: 3CVE-2012-4751 – OTRS 3.1 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4751
22 Oct 2012 — Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Open Ticket Request System (OTRS) Help Desk v2.4.x antes de v2.4.15, v3... • https://www.exploit-db.com/exploits/22070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 58EXPL: 3CVE-2012-4600 – OTRS 3.1 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4600
31 Aug 2012 — Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Open System Request Ticket (OTRS) Help Desk v2.4.x antes de v2.4.14, v3.0.x antes de v3.0.16, y v3.1.x antes de v3.1.10, cuando se usa Firefo... • https://www.exploit-db.com/exploits/22070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 3%CPEs: 65EXPL: 2CVE-2012-2582 – OTRS Open Technology Real Services 3.1.4 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2582
23 Aug 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element. Múltiples... • https://www.exploit-db.com/exploits/20359 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •