
Security Advisories

This is a list of known security issues in specific OTRS versions.

| # | Title | CVE | Severity | Date |
|---|-------|-----|----------|------|
| ZSA-2019-12 | Long filename extensions can cause endless loop | CVE-2019-18180 | Medium | 11/15/2019 |
| ZSA-2019-11 | Agents can list tickets without permission | CVE-2019-18179 | Low | 11/15/2019 |
| ZSA-2019-10 | Agents and customer users can create articles containing malicious JavaScript | CVE-2019-16375 | Low | 10/04/2019 |
| ZSA-2019-09 | OTRS agent might unwillingly disclose session ID | CVE-2019-12746 | Low | 07/12/2019 |
| ZSA-2019-08 | Tags in templates can be used to disclose sensitive information | CVE-2019-13458 | Low | 07/12/2019 |
| ZSA-2019-07 | Disclosure of personal agent information in customer frontend. | CVE-2019-12497 | Low | 05/31/2019 |
| ZSA-2019-06 | Malicious email can cause browser to load external files. | CVE-2019-12248 | Low | 05/31/2019 |
| ZSA-2019-05 | Execution of arbitrary Javascript code via OTRS appointment calendar | CVE-2019-10066 | Low | 04/26/2019 |
| ZSA-2019-04 | Execution of arbitrary Javascript code via URL manipulation | CVE-2019-10067 | Low | 04/26/2019 |
| ZSA-2019-03 | Importing statistics XML can lead to reading arbitrary files of OTRS file system | CVE-2019-9892 | Medium | 04/26/2019 |
| ZSA-2019-02 | Privilege escalation using a manipulated URL to execute JavaScript code | CVE-2019-9751 | Low | 03/11/2019 |
| ZSA-2019-01 | Privilege escalation in picture upload | CVE-2019-9752 | Low | 01/18/2019 |
| ZSA-2018-08 | Privilege escalation using HTML Form-Params | CVE-2012-2582 | High | 11/09/2018 |
| ZSA-2012-02 | XSS attack in Firefox and Opera possible | CVE-2012-4600 | Critical | 08/30/2012 |