Vulnerabilities in OTRS AG
81 results

CVE-2026-48208 | MEDIUM | Denial-of-Service via SVG Rendering in Ticket | EPSS 0.3%
CVE-2023-38057 | MEDIUM | XSS stored in survey answers | EPSS 0.3%
CVE-2023-38058 | MEDIUM | Tickets can be moved without permissions | EPSS 0.3%
CVE-2023-1250 | HIGH | Code execution through ACL creation | EPSS 0.3%
CVE-2023-5422 | HIGH | SSL Certificates are not checked for E-Mail Handling | EPSS 0.3%
CVE-2024-23794 | MEDIUM | Agents are able to lock the ticket without the "Owner" permission | EPSS 0.3%
CVE-2024-23790 | LOW | Missing file type check in avatar picture upload | EPSS 0.3%
CVE-2026-48210 | MEDIUM | Possible information disclosure via External Interface | EPSS 0.2%
CVE-2025-24388 | LOW | Unsafe handling of AJAX calls | EPSS 0.2%
CVE-2025-24391 | MEDIUM | Possible user enumeration | EPSS 0.2%
CVE-2024-43445 | MEDIUM | Missing X-Content-Type-Options: nosniff Header Allows MIME Type Sniffing | EPSS 0.2%
CVE-2026-48209 | HIGH | Reflected XSS in authenticated agent context | EPSS 0.2%
CVE-2024-43446 | LOW | Improper check of permissions in Generic Interface | EPSS 0.2%
CVE-2026-48187 | MEDIUM | Email with special content can lead to DoS | EPSS 0.2%
CVE-2026-48189 | MEDIUM | Bypass DedicatedAgentToCustomerGroups Setting | EPSS 0.2%
CVE-2025-24390 | MEDIUM | Missing Cookie Flags | EPSS 0.2%
CVE-2026-6060 | MEDIUM | Possible DoS via SQL Box | EPSS 0.2%
CVE-2026-48191 | LOW | Wrong Permission Handling in Document Search Article Meta Filters | EPSS 0.1%
CVE-2026-48190 | LOW | Incorrect handling of permissions in External Interface Config Item List module | EPSS 0.1%
CVE-2025-24387 | MEDIUM | Missing CSRF protection | EPSS 0.1%