CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2021-36100 – Authenticated remote code execution
https://notcve.org/view.php?id=CVE-2021-36100
Specially crafted string in OTRS system configuration can allow the execution of any system command. Una cadena especialmente diseñada en la configuración del sistema OTRS puede permitir la ejecución de cualquier comando del sistema • https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html https://otrs.com/release-notes/otrs-security-advisory-2022-03 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 33%CPEs: 7EXPL: 2CVE-2013-2637 – OTRS 3.x - FAQ Module Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2013-2637
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code. Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en OTRS ITSM versiones anteriores a 3.2.4, 3.1.8 y 3.0.7 y FAQ versiones anteriores a 2.1.4 y 2.0.8, por medio de changes, workorder items, y FAQ articles, podrían permitir a un usuario malicioso remoto ejecutar código arbitrario. • https://www.exploit-db.com/exploits/24922 http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html http://www.exploit-db.com/exploits/24922 http://www.securityfocus.com/bid/58930 https://exchange.xforce.ibmcloud.com/vulnerabilities/83288 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 65EXPL: 2CVE-2012-2582 – OTRS Open Technology Real Services 3.1.4 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2582
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en Open Ticket Request System (OTRS) Help Desk v2.4.x anterior a v2.4.13, v3.0.x anterior a v3.0.15, y v3.1.x anterior a v3.1.9, y OTRS ITSM v2.1.x anterior a v2.1.5, v3.0.x anterior a v3.0.6, y v3.1.x anterior a v3.1.6, permite a atacantes remotos inyectar código web o HTML arbitrario a través del cuerpo de un mensaje de correo electrónico con (1)una propiedad de una expresión en un atributo STYLE de un elemento arbitrario o (2) texto UTF-7 en un elemento META HTTP-EQUIV="CONTENT-TYPE". • https://www.exploit-db.com/exploits/20359 http://lists.opensuse.org/opensuse-updates/2012-09/msg00024.html http://secunia.com/advisories/50513 http://www.debian.org/security/2012/dsa-2536 http://www.kb.cert.org/vuls/id/582879 http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •