Security Advisories

This is a list of known security issues in specific OTRS versions.

| # | Title | CVE | Severity | Date |
|---|-------|-----|----------|------|
| ZSA-2019-07 | Disclosure of personal agent information in customer frontend. | CVE-2019-12497 | Low | 05/31/2019 |
| ZSA-2019-06 | Malicious email can cause browser to load external files. | CVE-2019-12248 | Low | 05/31/2019 |
| ZSA-2019-05 | Execution of arbitrary Javascript code via OTRS appointment calendar | CVE-2019-10066 | Low | 04/26/2019 |
| ZSA-2019-04 | Execution of arbitrary Javascript code via URL manipulation | CVE-2019-10067 | Low | 04/26/2019 |
| ZSA-2019-03 | Importing statistics XML can lead to reading arbitrary files of OTRS file system | CVE-2019-9892 | Medium | 04/26/2019 |
| ZSA-2019-02 | Privilege escalation using a manipulated URL to execute JavaScript code | CVE-2019-9751 | Low | 03/11/2019 |
| ZSA-2019-01 | Privilege escalation in picture upload | CVE-2019-9752 | Low | 01/18/2019 |
| ZSA-2018-08 | Privilege escalation using HTML Form-Params | CVE-2012-2582 | High | 11/09/2018 |
| ZSA-2012-02 | XSS attack in Firefox and Opera possible | CVE-2012-4600 | Critical | 08/30/2012 |