
CVE-2014-1695 – OTRS < 3.1.x / < 3.2.x / < 3.3.x - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-1695
28 Feb 2014 — Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email. An attacker could send a specially prepare... • https://packetstorm.news/files/id/131654 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-1471 – Debian Security Advisory 2867-1
https://notcve.org/view.php?id=CVE-2014-1471
04 Feb 2014 — SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL. • http://osvdb.org/102661 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2014-1694 – Debian Security Advisory 2867-1
https://notcve.org/view.php?id=CVE-2014-1694
04 Feb 2014 — Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketProcess.pm, and (4) CustomerTicketZoom.pm in Kernel/Modules/ in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allow remote attackers to hijack the authentication of arbitrary users for requests that (5) create tickets or (6) send follow-ups to existing tickets. • http://bugs.otrs.org/show_bug.cgi?id=10099 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2013-4717 – Debian Security Advisory 2733-1
https://notcve.org/view.php?id=CVE-2013-4717
05 Aug 2013 — Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm. • https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2013-4088 – Mandriva Linux Security Advisory 2013-188
https://notcve.org/view.php?id=CVE-2013-4088
20 Jun 2013 — Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. • http://advisories.mageia.org/MGASA-2013-0196.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2013-3551 – Debian Security Advisory 2696-1
https://notcve.org/view.php?id=CVE-2013-3551
29 May 2013 — Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism. • http://advisories.mageia.org/MGASA-2013-0196.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2012-4751 – OTRS 3.1 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4751
22 Oct 2012 — Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element. • https://www.exploit-db.com/exploits/22070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-4600 – OTRS 3.1 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-4600
31 Aug 2012 — Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags. • https://www.exploit-db.com/exploits/22070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-2582 – OTRS Open Technology Real Services 3.1.4 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2582
23 Aug 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element. • https://www.exploit-db.com/exploits/20359 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2011-2746
https://notcve.org/view.php?id=CVE-2011-2746
29 Aug 2011 — Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.x before 2.4.11 and 3.x before 3.0.10 allows remote authenticated administrators to read arbitrary files via unknown vectors. • http://lists.opensuse.org/opensuse-updates/2011-09/msg00011.html