CVSS: 5.4EPSS: 0%CPEs: 12EXPL: 0CVE-2010-2080
https://notcve.org/view.php?id=CVE-2010-2080
20 Sep 2010 — Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Open Ticket Request System (OTRS) v2.3.x anteriores a v2.3.6 y v2.4.x anteriores a v2.4.8, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no espe... • http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0438
https://notcve.org/view.php?id=CVE-2010-0438
09 Feb 2010 — Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Múltiples vulnerabilidades de inyección SQL en Kernel/System/Ticket.pm en OTRS-Core en Open Ticket Request System (OTRS) v2.1.x anteriores a v2.1.9, v2.2.x anteriores a v2.2.9, v2.3.x anteriores a v2.3.5, y v2.4.x anterio... • http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2008-1515
https://notcve.org/view.php?id=CVE-2008-1515
01 Apr 2008 — The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks." La interfaz SOAP en OTRS versión 2.1.x anterior a 2.1.8 y versión 2.2.x anterior a 2.2.6, permite a los atacantes remotos “read and modify objects" por medio de peticiones SOAP, relacionadas con "Missing security checks" • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 7%CPEs: 1EXPL: 3CVE-2007-2524 – OTRS 2.0.4 - index.pl Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-2524
08 May 2007 — Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, but the proper identifier for the ipsec-tools issue is CVE-2007-1841. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo index.pl en Open Ticket Request System (OTRS) versión 2.0.x, permite a los... • https://www.exploit-db.com/exploits/29962 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 6EXPL: 0CVE-2005-3895
https://notcve.org/view.php?id=CVE-2005-3895
29 Nov 2005 — Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary web script or HTML. NOTE: this particular issue is referred to as XSS by some sources. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html •
CVSS: 8.8EPSS: 3%CPEs: 6EXPL: 4CVE-2005-3893 – OTRS 2.0 - AgentTicketPlain Action Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2005-3893
29 Nov 2005 — Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action. • https://www.exploit-db.com/exploits/26551 •
CVSS: 5.4EPSS: 8%CPEs: 6EXPL: 3CVE-2005-3894 – OTRS 2.0 - 'index.pl' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2005-3894
29 Nov 2005 — Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters. • https://www.exploit-db.com/exploits/26552 •