Otrs ag Latest Vulnerabilities

Session Hijacking Vulnerability in OTRS Application Server

CVE-2025-24387

Otrs AgOtrs6.5MEDIUM

Session Hijacking Vulnerability in OTRS Application Server

CVE-2025-24390

Otrs AgOtrs6.8MEDIUM

Log Information Disclosure in OTRS by OTRS AG

CVE-2025-24389

Otrs AgOtrs6.3MEDIUM

Improper Privilege Management in OTRS Affects Multiple Versions

CVE-2024-43446

Otrs AgOtrs3.5LOW

Content-Type Sniffing Vulnerability in OTRS by OTRS AG

CVE-2024-43445

Otrs AgOtrs5.4MEDIUM

Plain Text Passwords Displayed in OTRS Admin Log Module

CVE-2024-43444

Otrs AgOtrs8.2HIGH

Cross-Site Scripting (XSS) Vulnerability Affects OTRS and Community Edition

CVE-2024-43443

Otrs AgOtrs4.9MEDIUM

Improper Neutralization of Input Leads to Cross-Site Scripting Vulnerability in OTRS

CVE-2024-43442

Otrs AgOtrs4.9MEDIUM

Incorrect Privilege Assignment in Inline Editing Can Lead to Privilege Escalation

CVE-2024-23794

Otrs AgOtrs7.5HIGH

Upload of files outside application directory

CVE-2024-23793

Otrs AgOtrs6.3MEDIUM

Missing file type check in avatar picture upload

CVE-2024-23790

OTRS AGOTRS9.8CRITICAL

Unnecessary data is written to log if issues during indexing occurs

CVE-2024-23791

Otrs AgOtrs4.9MEDIUM

Insufficient access control

CVE-2024-23792

OTRS AGOTRS6.5MEDIUM

Password is send back to client

CVE-2023-6254

Otrs AgOtrs8.1HIGH

External pictures can be loaded even if not allowed by configuration

CVE-2023-38059

Otrs AgOtrs5.3MEDIUM

Possible XSS execution in customer information

CVE-2023-5421

OTRS AGOTRS5.5MEDIUM

SSL Certificates are not checked for E-Mail Handling

CVE-2023-5422

OTRS AGOTRS9.1CRITICAL

Code execution via System Configuration

CVE-2023-38056

OTRS AGOTRS7.2HIGH

XSS stored in survey answers

CVE-2023-38057

Otrs AgOtrs4.1MEDIUM

Tickets can be moved without permissions

CVE-2023-38058

Otrs AgOtrs4.1MEDIUM

Host header injection by attachments in web service

CVE-2023-38060

Otrs AgOtrs8.8HIGH

Information disclouse and DoS via websocket push events

CVE-2023-2534

Otrs AgOtrs7.6HIGH

Possible XSS in Ticket Actions

CVE-2023-1248

Otrs AgOtrs6.1MEDIUM

Code execution through ACL creation

CVE-2023-1250

Otrs AgOtrs7.4HIGH

SQL Injection via OTRS Search API

CVE-2022-4427

Otrs AgOtrs6.5MEDIUM

otrs ag Latest Vulnerabilities

Vulnerability Published:

Sort By:

10 March 2025

Session Hijacking Vulnerability in OTRS Application Server

27 January 2025

Session Hijacking Vulnerability in OTRS Application Server

Log Information Disclosure in OTRS by OTRS AG

Improper Privilege Management in OTRS Affects Multiple Versions

Content-Type Sniffing Vulnerability in OTRS by OTRS AG

26 August 2024

Plain Text Passwords Displayed in OTRS Admin Log Module

Cross-Site Scripting (XSS) Vulnerability Affects OTRS and Community Edition

Improper Neutralization of Input Leads to Cross-Site Scripting Vulnerability in OTRS

15 July 2024

Incorrect Privilege Assignment in Inline Editing Can Lead to Privilege Escalation

6 June 2024

Upload of files outside application directory

29 January 2024

Missing file type check in avatar picture upload

Unnecessary data is written to log if issues during indexing occurs

Insufficient access control

27 November 2023

Password is send back to client

16 October 2023

External pictures can be loaded even if not allowed by configuration

Possible XSS execution in customer information

SSL Certificates are not checked for E-Mail Handling

24 July 2023

Code execution via System Configuration

XSS stored in survey answers

Tickets can be moved without permissions

Host header injection by attachments in web service

8 May 2023

Information disclouse and DoS via websocket push events

20 March 2023

Possible XSS in Ticket Actions

Code execution through ACL creation

19 December 2022

SQL Injection via OTRS Search API