from 0, < 6.0.30-1
CRITICAL 9.8 CVE-2022-4427 Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservic…
from 0
HIGH 8.8 Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS…
from 0
HIGH 8.8 Specially crafted string in OTRS system configuration can allow the execution of any system command.
from 0
HIGH 8.8 otrs2 - SQL injection
from 0, < 2.4.9+dfsg1-3+squeeze4
HIGH 8.8 otrs2 - SQL injection
from 0, < 3.2.9-1
HIGH 8.8 otrs2 - security update
from 0, < 6.0.10-1
HIGH 8.8 otrs2 - security update
from 0, < 5.0.16-1+deb9u6
HIGH 8.8 otrs2 - security update
from 0, < 3.3.18-1+deb8u5
HIGH 8.8 otrs2 - security update
from 0, < 3.3.18-1+deb8u4
HIGH 8.8 otrs2 - security update
from 0, < 6.0.3-1
HIGH 8.8 otrs2 - security update
from 0, < 3.3.18-1~deb7u3
HIGH 8.8 In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who…
from 0, < 6.0.2-1
HIGH 8.8 otrs2 - security update
from 0, < 5.0.24-1
HIGH 8.8 otrs2 - security update
from 0, < 3.3.18-1+deb8u2
HIGH 8.8 otrs2 - security update
from 0, < 3.3.18-1~deb7u2
HIGH 8.8 otrs2 - security update
from 0, < 4.0.7-2
HIGH 8.8 otrs2 - security update
from 0, < 3.3.18-1+deb8u1
HIGH 8.8 otrs2 - security update
from 0, < 5.0.23-1
HIGH 8.8 otrs2 - security update
from 0, < 3.3.9-3+deb8u1
HIGH 8.8 otrs2 - security update
from 0, < 5.0.20-1
HIGH 8.1 An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-20…
from 0, < 6.0.27-1
HIGH 7.5 There is a XSS vulnerability in the ticket overview screens.
from 0, < 6.0.32-5
HIGH 7.5 Regular Expression Denial of Service in jquery-validation
from 0, < 6.0.32-4
HIGH 7.5 It's possible to craft Lost Password requests with wildcards in the Token value, which allows an attacker to retrieve valid Token(s), generate…
from 0, < 6.0.27-1
HIGH 7.5 Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g.
from 0, < 6.0.24-1
HIGH 7.2 In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are ab…
from 0
MEDIUM 6.9 drupal7 - security update
from 0, < 6.0.30-1
MEDIUM 6.5 XSS in `*Text` options of the Datepicker widget in jquery-ui
from 0
MEDIUM 6.5 XSS in the `of` option of the `.position()` util in jquery-ui
from 0
MEDIUM 6.5 jqueryui - security update
from 0
MEDIUM 6.5 Generated Support Bundles contain private S/MIME and PGP keys if containing folder is not hidden.
from 0, < 6.0.32-6
MEDIUM 6.5 DoS attack can be performed when an email contains specially designed URL in the body.
from 0, < 6.0.32-5
MEDIUM 6.5 otrs2 - privilege escalation
from 0, < 3.2.8-1
MEDIUM 6.5 otrs2 - privilege escalation
from 0, < 3.1.7+dfsg1-8+deb7u2
MEDIUM 6.5 otrs2 - privilege escalation
from 0, < 3.1.7+dfsg1-8+deb7u1
MEDIUM 6.5 otrs2 - privilege escalation
from 0, < 3.2.7-1
MEDIUM 6.5 An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before…
from 0, < 3.1.7+dfsg1-8
MEDIUM 6.5 An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, and Community Edition 5.0.x through 5.0.36 and 6.0.x thro…
from 0, < 6.0.20-1
MEDIUM 6.5 An issue was discovered in Open Ticket Request System (OTRS) Community Edition 5.0.x through 5.0.36 and 6.0.x through 6.0.19.
from 0, < 6.0.20-1
MEDIUM 6.5 otrs2 - security update
from 0, < 6.0.18-1
MEDIUM 6.5 otrs2 - security update
from 0, < 3.3.18-1+deb8u9
MEDIUM 6.5 An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13.
from 0, < 6.0.14-1
MEDIUM 6.5 Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5.0.31, and 6.0.x before 6.0.13 allows an authenticated user to delete…
from 0, < 6.0.13-1
MEDIUM 6.5 In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious…
from 0, < 6.0.11-1
MEDIUM 6.5 otrs2 - security update
from 0, < 6.0.2-1
MEDIUM 6.5 otrs2 - security update
from 0, < 3.3.18-1+deb8u3
MEDIUM 6.1 An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12.
from 0, < 6.0.12-1
MEDIUM 6.1 Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agent's browser to execute mali…
from 0, < 6.0.25-1
MEDIUM 6.1 mediawiki - security update
from 0, < 6.0.26-1
MEDIUM 6.1 mediawiki - security update
from 0, < 3.3.18-1+deb8u14
MEDIUM 6.1 mediawiki - security update
from 0, < 6.0.16-2+deb10u1
MEDIUM 6.1 otrs2 - security update
from 0, < 3.1.7+dfsg1-8+deb7u6
MEDIUM 6.1 otrs2 - security update
from 0, < 5.0.14-1
MEDIUM 5.4 Attacker is able to craft an article with a link to the customer address book with malicious content (JavaScript).
from 0, < 6.0.27-1
MEDIUM 5.4 An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x thr…
from 0, < 6.0.23-1
MEDIUM 5.4 An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through…
from 0, < 6.0.18-1
MEDIUM 5.4 An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointment…
from 0, < 6.0.18-1
MEDIUM 5.4 otrs2 - security update
from 0, < 3.3.18-1+deb8u8
MEDIUM 5.4 otrs2 - security update
from 0, < 6.0.16-1
MEDIUM 5.3 otrs2 - security update
from 0, < 6.0.25-1
MEDIUM 5.3 otrs2 - security update
from 0, < 3.3.18-1+deb8u13
MEDIUM 5.3 An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8, Community Edition 6.0.x through 6.0.19, and Community Edi…
from 0, < 6.0.19-1
MEDIUM 4.9 When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys.
from 0, < 6.0.28-1
MEDIUM 4.8 An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5.
from 0, < 6.0.17-1
MEDIUM 4.8 Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL.
from 0, < 6.0.13-1
MEDIUM 4.8 otrs2 - security update
from 0, < 3.3.18-1+deb8u7
MEDIUM 4.8 otrs2 - security update
from 0, < 6.0.1-1
MEDIUM 4.6 otrs2 - security update
from 0, < 6.0.8-1
MEDIUM 4.6 otrs2 - security update
from 0, < 3.3.18-1+deb8u11
MEDIUM 4.3 Agents are able to list appointments in the calendars without required permissions.
from 0, < 6.0.32-6
MEDIUM 4.3 Agents are able to list customer user emails without required permissions in the bulk action screen.
from 0, < 6.0.32-6
MEDIUM 4.3 When an agent user is renamed or set to invalid the session belonging to the user is kept active.
from 0, < 6.0.29-1
MEDIUM 4.3 otrs2 - security update
from 0, < 3.3.18-1+deb8u15
MEDIUM 4.3 otrs2 - security update
from 0, < 6.0.27-1
MEDIUM 4.3 In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as securit…
from 0, < 6.0.27-1
MEDIUM 4.3 Agent A is able to save a draft (i.e.
from 0, < 6.0.25-1
MEDIUM 4.3 otrs2 - security update
from 0, < 6.0.24-1
MEDIUM 4.3 otrs2 - security update
from 0, < 3.3.18-1+deb8u12
MEDIUM 4.3 otrs2 - security update
from 0, < 6.0.19-1
MEDIUM 4.3 otrs2 - security update
from 0, < 3.3.18-1+deb8u10
MEDIUM 4.3 otrs2 - security update
from 0, < 6.0.11-1
MEDIUM 4.3 otrs2 - security update
from 0, < 3.3.18-1+deb8u6
MEDIUM 4.3 An issue was discovered in OTRS 6.0.x before 6.0.7.
from 0, < 6.0.7-1
— otrs2 - security update
from 0, < 3.3.9-3
— otrs2 - security update
from 0, < 3.1.7+dfsg1-8+deb7u5
— OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME…
from 0, < 3.3.6-1
— Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.…
from 0, < 3.3.6-1
— otrs2 - security update
from 0, < 3.3.18-1~deb7u1
— otrs2 - security update
from 0, < 3.3.5-1
— Multiple cross-site request forgery (CSRF) vulnerabilities in (1) CustomerPreferences.pm, (2) CustomerTicketMessage.pm, (3) CustomerTicketP…
from 0, < 3.3.4-1
— otrs2 - several
from 0, < 2.4.9+dfsg1-3+squeeze5
— otrs2 - several
from 0, < 3.3.4-1
— Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x…
from 0, < 3.1.7+dfsg1-6
— Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x…
from 0, < 3.1.7+dfsg1-5
— otrs2 - cross-site scripting
from 0, < 2.4.9+dfsg1-3+squeeze3
— otrs2 - cross-site scripting
from 0, < 3.1.7+dfsg1-4
— Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.x before 2.4.11 and…
from 0, < 2.4.7-1
— otrs2 - cross-site scripting
from 0, < 2.4.9+dfsg1-3+squeeze1
— otrs2 - cross-site scripting
from 0, < 2.4.10+dfsg1-1