otrs2 vulnerabilities

Known vulnerabilities in the otrs2 package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	*
M CVE-2021-21440	*
M Incorrect Authorization	*
M CVE-2021-21443	*
H Cross-site Scripting (XSS)	*
M Improper Handling of Exceptional Conditions	*
H Resource Exhaustion	*
M Insufficient Session Expiration	*
M Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	*
M CVE-2020-1774	*
M Cross-site Scripting (XSS)	*
H CVE-2020-1772	*
H Insufficient Entropy	*
M CVE-2020-1769	*
M Information Exposure	*
M CVE-2020-1767	*
M Improper Input Validation	*
M Cross-site Scripting (XSS)	*
M Information Exposure	*
H Loop with Unreachable Exit Condition ('Infinite Loop')	*
M Cross-site Scripting (XSS)	*
M Information Exposure	*
M CVE-2018-11563	*
M CVE-2019-13458	*
M CVE-2019-12248	*
M Information Exposure	*
M Cross-site Scripting (XSS)	*
M XML Injection	*
M Cross-site Scripting (XSS)	*
M Arbitrary Code Injection	*
M Cross-site Scripting (XSS)	*
M Improper Input Validation	*
M Direct Request ('Forced Browsing')	*
M Cross-site Scripting (XSS)	*
M Improper Input Validation	<5.0.16-1+deb9u6
M CVE-2018-16586	<5.0.16-1+deb9u6
H CVE-2018-14593	<5.0.16-1+deb9u6
H SQL Injection	<3.2.9-1
M Improper Privilege Management	<3.1.7+dfsg1-8
M Information Exposure	<3.2.8-1
M Information Exposure	<3.2.7-1
L Unrestricted Upload of File with Dangerous Type	*
H Information Exposure	<5.0.16-1+deb9u5
M Information Exposure	<5.0.16-1+deb9u4
H OS Command Injection	<5.0.16-1+deb9u4
H Arbitrary Code Injection	<5.0.16-1+deb9u3
H CVE-2017-15864	<4.0.7-2
H Improper Input Validation	<5.0.16-1+deb9u2
H Improper Privilege Management	<5.0.16-1+deb9u1
M Cross-site Scripting (XSS)	<5.0.14-1
M Access Restriction Bypass	<3.3.9-3
M Improper Input Validation	<3.3.6-1
L Cross-site Scripting (XSS)	<3.3.6-1
M Cross-site Scripting (XSS)	<3.3.5-1
L SQL Injection	<3.3.4-1
L Cross-site Request Forgery (CSRF)	<3.3.4-1
M Cross-site Scripting (XSS)	<3.1.7+dfsg1-6
L Cross-site Scripting (XSS)	<3.1.7+dfsg1-5
M Cross-site Scripting (XSS)	<3.1.7+dfsg1-4
L CVE-2011-2746	<2.4.7-1
M Cross-site Scripting (XSS)	<2.4.10+dfsg1-1
L Improper Input Validation	<2.4.7+dfsg1-1
L Improper Input Validation	<2.4.5-1
L Access Restriction Bypass	<3.0.8+dfsg1-1
L Race Condition	<2.4.8+dfsg1-1
L Improper Input Validation	<2.4.5-1
L Improper Input Validation	<2.3.2-1
M Access Restriction Bypass	<2.3.2-1
L Access Restriction Bypass	<2.3.2-1
M Access Restriction Bypass	<2.2.6-1
L Access Restriction Bypass	<2.4.5-1
L Improper Input Validation	<3.0.8+dfsg1-1
L Access Restriction Bypass	<3.0.8+dfsg1-1
L Access Restriction Bypass	<2.4.5-1
M Improper Input Validation	<2.2.7-1
M Access Restriction Bypass	<2.2.6-1
M Information Exposure	<2.2.7-1
L Credentials Management	<2.4.10+dfsg1-1
L Cryptographic Issues	<2.4.5-1
L Access Restriction Bypass	<2.3.2-1
L Cryptographic Issues	<3.0.8+dfsg1-1
L Information Exposure	<3.0.8+dfsg1-1
L Cross-site Scripting (XSS)	<3.0.8+dfsg1-1
L Cryptographic Issues	<3.0.8+dfsg1-1
M Cross-site Scripting (XSS)	<2.3.3-1
H OS Command Injection	<2.4.5-1
L Cross-site Scripting (XSS)	<2.4.9+dfsg1-1
M Improper Input Validation	<2.4.8+dfsg1-1
L Cross-site Scripting (XSS)	<2.4.8+dfsg1-1
M SQL Injection	<2.4.7-1
L CVE-2008-7220	<2.3.4-6
M Access Restriction Bypass	<2.2.5-2
M Cross-site Scripting (XSS)	<2.1.1-1

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)