
CVE-2019-12746
https://notcve.org/view.php?id=CVE-2019-12746
21 Aug 2019 — An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. A user logged into OTRS as an agent might unknowingly disclose their session ID by sharing the link of an embedded ticket article with third parties. This identifier can then be potentially abused in order to impersonate the agent user. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2019-13458
https://notcve.org/view.php?id=CVE-2019-13458
21 Aug 2019 — An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19. An attacker who is logged into OTRS as an agent user with appropriate permissions can leverage OTRS notification tags in templates in order to disclose hashed user passwords. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html

CVE-2018-11563
https://notcve.org/view.php?id=CVE-2018-11563
08 Jul 2019 — An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary stylesheet or JavaScript code in a logged-in customer's browser in the context of the OTRS customer panel application. • https://community.otrs.com/security-advisory-2018-02-security-update-for-otrs-framework

CVE-2019-12497
https://notcve.org/view.php?id=CVE-2019-12497
17 Jun 2019 — An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents (e.g., Name and mail address) can be disclosed in external notes. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2019-12248
https://notcve.org/view.php?id=CVE-2019-12248
17 Jun 2019 — An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. An attacker could send a malicious email to an OTRS system. If a logged-in agent user quotes it, the email could cause the browser to load external image resources. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html

CVE-2019-10066
https://notcve.org/view.php?id=CVE-2019-10066
21 May 2019 — An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment in order to cause execution of JavaScript in the context of OTRS. • https://community.otrs.com/security-advisory-2019-06-security-update-for-otrs-framework • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-9892
https://notcve.org/view.php?id=CVE-2019-9892
21 May 2019 — An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OTRS filesystem. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html • CWE-91: XML Injection (aka Blind XPath Injection)

CVE-2019-10067
https://notcve.org/view.php?id=CVE-2019-10067
21 May 2019 — An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-20800
https://notcve.org/view.php?id=CVE-2018-20800
13 Mar 2019 — An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. Users updating to 6.0.13 (also patchlevel updates) or 5.0.31 (only major updates) will experience data loss in their agent preferences table. • https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework • CWE-20: Improper Input Validation

CVE-2019-9751
https://notcve.org/view.php?id=CVE-2019-9751
13 Mar 2019 — An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm. • https://community.otrs.com/security-advisory-2019-02-security-update-for-otrs-framework • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')