Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

((OTRS)) Community Edition — Vulnerabilities & Security Advisories 20

All 20 CVE vulnerabilities found in ((OTRS)) Community Edition, with AI-generated Chinese analysis, references, and POCs.

This page catalogs known security vulnerabilities for OTRS Community Edition, a widely used open-source ticketing system, covering Common Weakness Enumerations (CWE) and associated Common Vulnerabilities and Exposures (CVEs). The collected data aggregates historical and current security flaws affecting this specific product variant, providing a comprehensive view of the risks inherent in its architecture and codebase over time. By consolidating these records, the resource allows security professionals and administrators to track vendor advisories from the OTRS community and development team, understand the nature and impact of specific weakness classes such as cross-site scripting or authorization bypasses, and look up the complete vulnerability history of the product to assess exposure. This aggregation serves as a central reference point for evaluating the security posture of OTRS Community Edition installations, enabling users to prioritize patches and mitigate risks based on verified threat intelligence. The information is structured to facilitate efficient research without requiring navigation through multiple scattered sources, ensuring that detailed context regarding each flaw’s severity, affected versions, and available fixes is readily accessible. This approach supports proactive security management by highlighting trends in vulnerability discovery and resolution, helping stakeholders make informed decisions about system updates and configuration hardening.

Vendor: OTRS AG

CVE IDTitleCVSSSeverityPublished
CVE-2021-36096 Support Bundle includes S/Mime and PGP secret or PIN CWE-200 5.2 Medium2021-09-06
CVE-2021-36095 User enumeration issue using "lost password" feature CWE-200 5.3 Medium2021-09-06
CVE-2021-36094 XSS attack in appointment edit popup screen CWE-79 5.7 Medium2021-09-06
CVE-2021-36093 DoS attack using PostMaster filters CWE-185 5.3 Medium2021-09-06
CVE-2021-36092 XSS attack using special link in email CWE-79 6.5 Medium2021-07-26
CVE-2021-36091 Unautorized access to the calendar appointments CWE-200 3.5 Low2021-07-26
CVE-2021-21443 Unautorized listing of the customer user emails CWE-200 3.5 Low2021-07-26
CVE-2021-21440 Support Bundle includes S/Mime and PGP keys CWE-200 5.2 Medium2021-07-26
CVE-2021-21441 XSS in the ticket overview screens CWE-79 7.5 High2021-06-16
CVE-2021-21439 Possible DoS attack using a special crafted URL in email body CWE-754 6.5 Medium2021-06-14
CVE-2020-1776 Invalidating or changing user does not invalidate session CWE-613 3.5 Low2020-07-20
CVE-2020-1774 Information disclosure CWE-201 4.5 Medium2020-04-28
CVE-2020-1773 Session / Password / Password token leak CWE-331 7.3 High2020-03-27
CVE-2020-1772 Information Disclosure CWE-155 6.5 Medium2020-03-27
CVE-2020-1771 Possible XSS in Customer user address book CWE-79 4.6 Medium2020-03-27
CVE-2020-1770 Information disclosure in support bundle files CWE-201 2.4 Low2020-03-27
CVE-2020-1769 Autocomplete in the form login screens CWE-16 3.5 Low2020-03-27
CVE-2020-1767 Possible to send drafted messages as wrong agent 3.5 Low2020-01-10
CVE-2020-1766 Improper handling of uploaded inline images CWE-79 2.0 Low2020-01-10
CVE-2020-1765 Spoofing of From field in several screens CWE-472 3.5 Low2020-01-10

All 20 known CVE vulnerabilities affecting ((OTRS)) Community Edition with full Chinese analysis, references, and POCs where available.