
OTRS — Vulnerabilities & Security Advisories 47

All 47 CVE vulnerabilities found in OTRS, with AI-generated Chinese analysis, references, and POCs.

Vendor: OTRS AG

CVE ID         | Title                                                                          | CWE      | CVSS | Severity | Date
---------------|--------------------------------------------------------------------------------|----------|------|----------|-----------
CVE-2026-6060  | Possible DoS via SQL Box                                                       | CWE-400  | 4.5  | Medium   | 2026-04-20
CVE-2025-24391 | Possible user enumeration                                                      | CWE-203  | 5.3  | Medium   | 2025-07-14
CVE-2025-24388 | Unsafe handling of AJAX calls                                                  | CWE-184  | 3.8  | Low      | 2025-06-16
CVE-2025-24387 | Missing CSRF protection                                                        | CWE-1275 | 4.8  | Medium   | 2025-03-10
CVE-2025-24390 | Missing Cookie Flags                                                           | CWE-614  | 6.8  | Medium   | 2025-01-27
CVE-2025-24389 | SMTP Password will be shown in cleartext on some SMTP errors                   | CWE-532  | 6.3  | Medium   | 2025-01-27
CVE-2024-43446 | Improper check of permissions in Generic Interface                             | CWE-269  | 3.5  | Low      | 2025-01-27
CVE-2024-43445 | Missing X-Content-Type-Options: nosniff Header Allows MIME Type Sniffing       | CWE-20   | 5.4  | Medium   | 2025-01-27
CVE-2024-43444 | Passwords are written to Admin Log Module                                      | CWE-532  | 8.2  | High     | 2024-08-26
CVE-2024-43443 | Stored XSS in process management                                               | CWE-790  | 4.9  | Medium   | 2024-08-26
CVE-2024-43442 | Stored XSS in System Configuration                                             | CWE-790  | 4.9  | Medium   | 2024-08-26
CVE-2024-23794 | Agents are able to lock the ticket without the "Owner" permission              | CWE-266  | 5.2  | Medium   | 2024-07-15
CVE-2024-6540  | Information exposure in external interface                                     | CWE-790  | 5.7  | Medium   | 2024-07-15
CVE-2024-23793 | Upload of files outside application directory                                  | CWE-22   | 6.3  | Medium   | 2024-06-06
CVE-2024-23790 | Missing file type check in avatar picture upload                               | CWE-20   | 3.5  | Low      | 2024-01-29
CVE-2024-23791 | Unnecessary data is written to log if issues during indexing occur             | CWE-532  | 4.9  | Medium   | 2024-01-29
CVE-2024-23792 | Insufficient access control                                                    | CWE-287  | 5.3  | Medium   | 2024-01-29
CVE-2023-6254  | Password is sent back to client                                                | CWE-522  | 8.1  | High     | 2023-11-27
CVE-2023-5421  | Possible XSS execution in customer information                                 | CWE-20   | 3.5  | Low      | 2023-10-16
CVE-2023-38059 | External pictures can be loaded even if not allowed by configuration           | CWE-200  | 5.3  | Medium   | 2023-10-16
CVE-2023-5422  | SSL Certificates are not checked for E-Mail Handling                           | CWE-295  | 8.7  | High     | 2023-10-16
CVE-2023-38060 | Host header injection by attachments in web service                            | CWE-20   | 6.3  | Medium   | 2023-07-24
CVE-2023-38058 | Tickets can be moved without permissions                                       | CWE-269  | 4.1  | Medium   | 2023-07-24
CVE-2023-38057 | XSS stored in survey answers                                                   | CWE-20   | 4.1  | Medium   | 2023-07-24
CVE-2023-38056 | Code execution via System Configuration                                        | CWE-78   | 7.2  | High     | 2023-07-24
CVE-2023-2534  | Information disclosure and DoS via websocket push events                       | CWE-285  | 7.6  | High     | 2023-05-08
CVE-2023-1250  | Code execution through ACL creation                                            | CWE-20   | 7.4  | High     | 2023-03-20
CVE-2023-1248  | Possible XSS in Ticket Actions                                                 | CWE-79   | 6.1  | Medium   | 2023-03-20
CVE-2022-4427  | SQL Injection via OTRS Search API                                              | CWE-20   | 6.5  | Medium   | 2022-12-19
CVE-2022-3501  | Information exposure of template content due to missing check of permissions   | CWE-200  | 3.5  | Low      | 2022-10-17