OTRS AG — Vulnerabilities & Security Advisories 73

Browse all 73 CVE security advisories affecting OTRS AG. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-6060 | Possible DoS via SQL Box — OTRS | CWE-400 | 4.5 | Medium | 2026-04-20 |
| CVE-2025-24391 | Possible user enumeration — OTRS | CWE-203 | 5.3 | Medium | 2025-07-14 |
| CVE-2025-24388 | Unsafe handling of AJAX calls — OTRS | CWE-184 | 3.8 | Low | 2025-06-16 |
| CVE-2025-24387 | Missing CSRF protection — OTRS | CWE-1275 | 4.8 | Medium | 2025-03-10 |
| CVE-2025-24390 | Missing Cookie Flags — OTRS | CWE-614 | 6.8 | Medium | 2025-01-27 |
| CVE-2025-24389 | SMTP Password will be shown in cleartext on some SMTP errors — OTRS | CWE-532 | 6.3 | Medium | 2025-01-27 |
| CVE-2024-43446 | Improper check of permissions in Generic Interface — OTRS | CWE-269 | 3.5 | Low | 2025-01-27 |
| CVE-2024-43445 | Missing X-Content-Type-Options: nosniff Header Allows MIME Type Sniffing — OTRS | CWE-20 | 5.4 | Medium | 2025-01-27 |
| CVE-2024-43444 | Passwords are written to Admin Log Module — OTRS | CWE-532 | 8.2 | High | 2024-08-26 |
| CVE-2024-43443 | Stored XSS in process management — OTRS | CWE-790 | 4.9 | Medium | 2024-08-26 |
| CVE-2024-43442 | Stored XSS in System Configuration — OTRS | CWE-790 | 4.9 | Medium | 2024-08-26 |
| CVE-2024-23794 | Agents are able to lock the ticket without the "Owner" permission — OTRS | CWE-266 | 5.2 | Medium | 2024-07-15 |
| CVE-2024-6540 | Information exlosure in external interface — OTRS | CWE-790 | 5.7 | Medium | 2024-07-15 |
| CVE-2024-23793 | Upload of files outside application directory — OTRS | CWE-22 | 6.3 | Medium | 2024-06-06 |
| CVE-2024-23790 | Missing file type check in avatar picture upload — OTRS | CWE-20 | 3.5 | Low | 2024-01-29 |
| CVE-2024-23791 | Unnecessary data is written to log if issues during indexing occurs — OTRS | CWE-532 | 4.9 | Medium | 2024-01-29 |
| CVE-2024-23792 | Insufficient access control — OTRS | CWE-287 | 5.3 | Medium | 2024-01-29 |
| CVE-2023-6254 | Password is send back to client — OTRS | CWE-522 | 8.1 | High | 2023-11-27 |
| CVE-2023-5421 | Possible XSS execution in customer information — OTRS | CWE-20 | 3.5 | Low | 2023-10-16 |
| CVE-2023-38059 | External pictures can be loaded even if not allowed by configuration — OTRS | CWE-200 | 5.3 | Medium | 2023-10-16 |
| CVE-2023-5422 | SSL Certificates are not checked for E-Mail Handling — OTRS | CWE-295 | 8.7 | High | 2023-10-16 |
| CVE-2023-38060 | Host header injection by attachments in web service — OTRS | CWE-20 | 6.3 | Medium | 2023-07-24 |
| CVE-2023-38058 | Tickets can be moved without permissions — OTRS | CWE-269 | 4.1 | Medium | 2023-07-24 |
| CVE-2023-38057 | XSS stored in survey answers — OTRS | CWE-20 | 4.1 | Medium | 2023-07-24 |
| CVE-2023-38056 | Code execution via System Configuration — OTRS | CWE-78 | 7.2 | High | 2023-07-24 |
| CVE-2023-2534 | Information disclouse and DoS via websocket push events — OTRS | CWE-285 | 7.6 | High | 2023-05-08 |
| CVE-2023-1250 | Code execution through ACL creation — OTRS | CWE-20 | 7.4 | High | 2023-03-20 |
| CVE-2023-1248 | Possible XSS in Ticket Actions — OTRS | CWE-79 | 6.1 | Medium | 2023-03-20 |
| CVE-2022-4427 | SQL Injection via OTRS Search API — OTRS | CWE-20 | 6.5 | Medium | 2022-12-19 |
| CVE-2022-39052 | DoS attack using email — OTRS | CWE-835 | 7.5 | High | 2022-10-17 |

This page lists every published CVE security advisory associated with OTRS AG. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.