Search CVE reports
31 – 40 of 129 results
CVE-2021-21435
Medium priority
Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions.
1 affected package
otrs2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
otrs2 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-21434
Medium priority
Survey administrator can craft a survey in such way that malicious code can be executed in the agent interface (i.e. another agent who wants to make changes in the survey). This issue affects: OTRS AG Survey 6.0.x version 6.0.20...
1 affected package
otrs2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
otrs2 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-1779
Medium priority
When dynamic templates are used (OTRSTicketForms), admin can use OTRS tags which are not masked properly and can reveal sensitive information. This issue affects: OTRS AG OTRSTicketForms 6.0.x version 6.0.40 and prior versions;...
1 affected package
otrs2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
otrs2 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-21252
Medium priority
The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are...
3 affected packages
civicrm, otrs2, phpmyadmin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
civicrm | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
otrs2 | Not in release | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
phpmyadmin | Not affected | Not affected | Vulnerable | Vulnerable | Vulnerable |
CVE-2020-1778
Medium priority
When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions.
1 affected package
otrs2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
otrs2 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-1776
Low priority
When an agent user is renamed or set to invalid the session belonging to the user is kept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affects ((OTRS)) Community Edition:...
1 affected package
otrs2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
otrs2 | Not in release | Not affected | Vulnerable | Vulnerable | Vulnerable |
CVE-2020-1774
Low priority
When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. Therefore it's possible to mix them and to send private key to the third-party instead of public key. This issue affects...
1 affected package
otrs2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
otrs2 | Not in release | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-1773
Medium priority
An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens...
1 affected package
otrs2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
otrs2 | Not in release | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-1772
Medium priority
It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community...
1 affected package
otrs2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
otrs2 | Not in release | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-1771
Medium priority
Attacker is able to craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link, JavaScript code is executed due to the missing parameter encoding. This issue...
1 affected package
otrs2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
otrs2 | Not in release | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |