Page 4 of 149 results (0.010 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS).This issue affects OTRS: from 7.0.X before 7.0.42; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. • https://otrs.com/release-notes/otrs-security-advisory-2023-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0

Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. Vulnerabilidad de validación de entrada incorrecta en OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition permite la inyección de SQL a través de TicketSearch Webservice. Este problema afecta a OTRS: desde 7.0.1 antes de 7.0.40 parche 1, desde 8.0.1 antes de 8.0.28 parche 1 ; ((OTRS)) Community Edition: desde 6.0.1 hasta 6.0.34. • https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html https://otrs.com/release-notes/otrs-security-advisory-2022-15 • CWE-20: Improper Input Validation CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Article template contents with sensitive data could be accessed from agents without permissions. Se podía acceder al contenido de las plantillas de artículos con datos confidenciales desde agentes sin permisos • https://otrs.com/release-notes/otrs-security-advisory-2022-14 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

An external attacker is able to send a specially crafted email (with many recipients) and trigger a potential DoS of the system Un atacante externo es capaz de enviar un correo electrónico especialmente diseñado (con muchos destinatarios) y desencadenar un potencial DoS del sistema • https://otrs.com/release-notes/otrs-security-advisory-2022-13 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

Attacker might be able to execute malicious Perl code in the Template toolkit, by having the admin installing an unverified 3th party package El atacante podría ser capaz de ejecutar código Perl malicioso en el kit de herramientas Template, haciendo que el administrador instale un paquete de 3ª parte no verificado • https://otrs.com/release-notes/otrs-security-advisory-2022-12 • CWE-913: Improper Control of Dynamically-Managed Code Resources •