Otrs ag ((otrs)) Community Edition Vulnerabilities

Log Information Disclosure in OTRS by OTRS AG

CVE-2025-24389

Otrs AgOtrs6.3MEDIUM

Improper Privilege Management in OTRS Affects Multiple Versions

CVE-2024-43446

Otrs AgOtrs3.5LOW

Content-Type Sniffing Vulnerability in OTRS by OTRS AG

CVE-2024-43445

Otrs AgOtrs5.4MEDIUM

Plain Text Passwords Displayed in OTRS Admin Log Module

CVE-2024-43444

Otrs AgOtrs8.2HIGH

Cross-Site Scripting (XSS) Vulnerability Affects OTRS and Community Edition

CVE-2024-43443

Otrs AgOtrs4.9MEDIUM

Improper Neutralization of Input Leads to Cross-Site Scripting Vulnerability in OTRS

CVE-2024-43442

Otrs AgOtrs4.9MEDIUM

Upload of files outside application directory

CVE-2024-23793

Otrs AgOtrs6.3MEDIUM

External pictures can be loaded even if not allowed by configuration

CVE-2023-38059

Otrs AgOtrs5.3MEDIUM

Possible XSS execution in customer information

CVE-2023-5421

OTRS AGOTRS5.5MEDIUM

SSL Certificates are not checked for E-Mail Handling

CVE-2023-5422

OTRS AGOTRS9.1CRITICAL

Code execution via System Configuration

CVE-2023-38056

OTRS AGOTRS7.2HIGH

XSS stored in survey answers

CVE-2023-38057

Otrs AgOtrs4.1MEDIUM

Host header injection by attachments in web service

CVE-2023-38060

Otrs AgOtrs8.8HIGH

Possible XSS in Ticket Actions

CVE-2023-1248

Otrs AgOtrs6.1MEDIUM

Code execution through ACL creation

CVE-2023-1250

Otrs AgOtrs7.4HIGH

SQL Injection via OTRS Search API

CVE-2022-4427

Otrs AgOtrs6.5MEDIUM

DoS attack using email

CVE-2022-39052

Otrs AgOtrs7.5HIGH

Possible XSS in Admin Interface

CVE-2022-39049

Otrs AgOtrs3.5LOW

Possible XSS stored in customer information

CVE-2022-39050

Otrs AgOtrs4.6MEDIUM

Perl Code execution in Template Toolkit

CVE-2022-39051

Otrs AgOtrs6.8MEDIUM

Authenticated remote code execution

CVE-2021-36100

Otrs AgOtrs6.4MEDIUM

DoS attack using PostMaster filters

CVE-2021-36093

Otrs Ag((otrs)) Community Edi...5.3MEDIUM

XSS attack in appointment edit popup screen

CVE-2021-36094

Otrs Ag((otrs)) Community Edi...5.7MEDIUM

User enumeration issue using "lost password" feature

CVE-2021-36095

Otrs Ag((otrs)) Community Edi...5.3MEDIUM

Support Bundle includes S/Mime and PGP secret or PIN

CVE-2021-36096

Otrs Ag((otrs)) Community Edi...5.2MEDIUM

otrs ag ((otrs)) Community Edition Vulnerabilities

Vulnerability Published:

Sort By:

27 January 2025

Log Information Disclosure in OTRS by OTRS AG

Improper Privilege Management in OTRS Affects Multiple Versions

Content-Type Sniffing Vulnerability in OTRS by OTRS AG

26 August 2024

Plain Text Passwords Displayed in OTRS Admin Log Module

Cross-Site Scripting (XSS) Vulnerability Affects OTRS and Community Edition

Improper Neutralization of Input Leads to Cross-Site Scripting Vulnerability in OTRS

6 June 2024

Upload of files outside application directory

16 October 2023

External pictures can be loaded even if not allowed by configuration

Possible XSS execution in customer information

SSL Certificates are not checked for E-Mail Handling

24 July 2023

Code execution via System Configuration

XSS stored in survey answers

Host header injection by attachments in web service

20 March 2023

Possible XSS in Ticket Actions

Code execution through ACL creation

19 December 2022

SQL Injection via OTRS Search API

17 October 2022

DoS attack using email

5 September 2022

Possible XSS in Admin Interface

Possible XSS stored in customer information

Perl Code execution in Template Toolkit

21 March 2022

Authenticated remote code execution

6 September 2021

DoS attack using PostMaster filters

XSS attack in appointment edit popup screen

User enumeration issue using "lost password" feature

Support Bundle includes S/Mime and PGP secret or PIN