CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-12497
https://notcve.org/view.php?id=CVE-2019-12497
17 Jun 2019 — An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. In the customer or external frontend, personal information of agents (e.g., Name and mail address) can be disclosed in external notes. Se descubrió un problema en Open Ticket Request System (OTRS) 7.0.x hasta 7.0.8, Community Edition 6.0.x hasta 6.0.19 y Community Edition 5.0.x hasta 5.0.36. En el cliente o en la interfaz externa, la informació... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2019-12248
https://notcve.org/view.php?id=CVE-2019-12248
17 Jun 2019 — An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. An attacker could send a malicious email to an OTRS system. If a logged-in agent user quotes it, the email could cause the browser to load external image resources. Se descubrió un problema en Open Ticket Request System (OTRS) 7.0.x hasta 7.0.7, Community Edition 6.0.x hasta 6.0.19 y Community Edition 5.0.x hasta 5.0.36. Un atacante podría envi... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9753
https://notcve.org/view.php?id=CVE-2019-9753
03 Jun 2019 — An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ Articles, Service Catalogue Items, ITSM Configuration Items. Se descubrió un problema en Open Ticket Request System (OTRS) 7.x anterior de la versión 7.0.5. Un atacante que haya iniciado sesión en OTRS como agente o ... • https://community.otrs.com/security-advisory-2019-03-security-update-for-otrs-framework • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2019-10066
https://notcve.org/view.php?id=CVE-2019-10066
21 May 2019 — An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment in order to cause execution of JavaScript in the context of OTRS. Se encontró un problema en Open Ticket Request System (OTRS) versión 7.x hasta 7.0.6, Community Edition versión 6.0.x hasta 6.0.17 y OTRSAppointmen... • https://community.otrs.com/security-advisory-2019-06-security-update-for-otrs-framework • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-9892
https://notcve.org/view.php?id=CVE-2019-9892
21 May 2019 — An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OTRS filesystem. Se encontró un problema en Open Ticket Request System (OTRS) en las versiones 5.x hasta 5.0.34, 6.x hasta 6.0.17, y 7.x hasta 7.0.6. Un atacante logeado en OTRS como un agente d... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html • CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2019-10067
https://notcve.org/view.php?id=CVE-2019-10067
21 May 2019 — An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS. Se encontró un problema en Open Ticket Request System (OTRS) versión 7.x hasta 7.0.6 y en Community Edition versión versión 5.0.x hasta 5.0.35 y versión 6.0.x hasta 6.0.17. Un atacante logeado en OTRS c... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-20800
https://notcve.org/view.php?id=CVE-2018-20800
13 Mar 2019 — An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. Users updating to 6.0.13 (also patchlevel updates) or 5.0.31 (only major updates) will experience data loss in their agent preferences table. Se ha descubierto un problema en Open Ticket Request System (OTRS), en sus CVErsiones 5.0.31 y 6.0.13. Los usuarios que actualicen a la CVErsión 6.0.13 (también actualizaciones a niCVEl de parche) o 5.0.31 (solo actualizaciones principales) experimentarán una pérdida de datos en su tabla d... • https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework • CWE-20: Improper Input Validation •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-9751
https://notcve.org/view.php?id=CVE-2019-9751
13 Mar 2019 — An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm. Se ha descubierto un problema en Open Ticket Request System (OTRS), en CVErsiones 6.x, anteriores a la 6.0.17 y CVErsiones 7.x anteriores a la 7.0.5. Un atacante que haya iniciado sesión en OTRS como usuario administrador p... • https://community.otrs.com/security-advisory-2019-02-security-update-for-otrs-framework • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2019-9752
https://notcve.org/view.php?id=CVE-2019-9752
13 Mar 2019 — An issue was discovered in Open Ticket Request System (OTRS) 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an agent or a customer user may upload a carefully crafted resource in order to cause execution of JavaScript in the context of OTRS. This is related to Content-type mishandling in Kernel/Modules/PictureUpload.pm. Se ha descubierto un problema en Open Ticket Request System (OTRS), en CVErsiones 5.x anteriores a la 5.0.34, CVErsiones 6.x anteriores a ... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19142
https://notcve.org/view.php?id=CVE-2018-19142
11 Nov 2018 — Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL. Open Ticket Request System (OTRS) en versiones 6.0.x anteriores a la 6.0.13 permite que un administrador realice un ataque Cross-Site Scripting (XSS) mediante una URL modificada. • https://community.otrs.com/security-advisory-2018-08-security-update-for-otrs-framework • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •