) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:otrs:otrs_itsm:2.1.2:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2021-36100 |
Specially crafted string in OTRS system configuration can allow the execution of any system command. Published: March 21, 2022; 6:15:07 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 9.0 HIGH |
| CVE-2013-2637 |
A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code. Published: February 12, 2020; 12:15:11 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2012-2582 |
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element. Published: August 23, 2012; 6:32:14 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |