VulnerableCode Package Details - pkg:deb/debian/otrs2@3.0.8%2Bdfsg1-1?distro=bullseye

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-cjbr-pbsr-xuaw	Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket.	CVE-2010-4760
VCID-dqpp-t4x2-afa9	installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen.	CVE-2010-4758
VCID-dr9z-69dm-akb9	Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly restrict the ticket ages that are within the scope of a search, which allows remote authenticated users to cause a denial of service (daemon hang) via a fulltext search.	CVE-2010-4759
VCID-pxet-jht5-hucw	The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the (1) Status, (2) Service, and (3) Queue via selections.	CVE-2010-4763
VCID-r7b9-qwh3-7bhr	The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields.	CVE-2011-1433
VCID-yj7p-1amk-a3fh	The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain potentially sensitive information from the (1) responsible, (2) owner, (3) accounted time, (4) pending until, and (5) lock fields by reading this dialog.	CVE-2010-4761
VCID-ynpn-ctc2-zbhy	Cross-site scripting (XSS) vulnerability in the rich-text-editor component in Open Ticket Request System (OTRS) before 3.0.0-beta2 allows remote authenticated users to inject arbitrary web script or HTML by using the "source code" feature in the customer interface.	CVE-2010-4762

Vulnerability

Summary

Aliases

VCID-cjbr-pbsr-xuaw

Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket.

CVE-2010-4760

VCID-dqpp-t4x2-afa9

installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen.

CVE-2010-4758

VCID-dr9z-69dm-akb9

Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly restrict the ticket ages that are within the scope of a search, which allows remote authenticated users to cause a denial of service (daemon hang) via a fulltext search.

CVE-2010-4759

VCID-pxet-jht5-hucw

The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the (1) Status, (2) Service, and (3) Queue via selections.

CVE-2010-4763

VCID-r7b9-qwh3-7bhr

The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields.

CVE-2011-1433

VCID-yj7p-1amk-a3fh

The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain potentially sensitive information from the (1) responsible, (2) owner, (3) accounted time, (4) pending until, and (5) lock fields by reading this dialog.

CVE-2010-4761

VCID-ynpn-ctc2-zbhy

Cross-site scripting (XSS) vulnerability in the rich-text-editor component in Open Ticket Request System (OTRS) before 3.0.0-beta2 allows remote authenticated users to inject arbitrary web script or HTML by using the "source code" feature in the customer interface.

CVE-2010-4762

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:37:41.427946+00:00	Debian Importer	Fixing	VCID-r7b9-qwh3-7bhr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:15:35.692014+00:00	Debian Importer	Fixing	VCID-dqpp-t4x2-afa9	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:04:49.500193+00:00	Debian Importer	Fixing	VCID-ynpn-ctc2-zbhy	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:39:49.300401+00:00	Debian Importer	Fixing	VCID-dr9z-69dm-akb9	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:19:40.530447+00:00	Debian Importer	Fixing	VCID-yj7p-1amk-a3fh	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:52:45.479123+00:00	Debian Importer	Fixing	VCID-cjbr-pbsr-xuaw	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:49:02.070177+00:00	Debian Importer	Fixing	VCID-pxet-jht5-hucw	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T07:55:29.223880+00:00	Debian Importer	Fixing	VCID-r7b9-qwh3-7bhr	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:54:04.135984+00:00	Debian Importer	Fixing	VCID-dqpp-t4x2-afa9	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:45:52.988989+00:00	Debian Importer	Fixing	VCID-ynpn-ctc2-zbhy	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:25:50.979938+00:00	Debian Importer	Fixing	VCID-dr9z-69dm-akb9	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:13:54.442234+00:00	Debian Importer	Fixing	VCID-yj7p-1amk-a3fh	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:57:34.641434+00:00	Debian Importer	Fixing	VCID-cjbr-pbsr-xuaw	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:55:25.462580+00:00	Debian Importer	Fixing	VCID-pxet-jht5-hucw	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:49:14.570214+00:00	Debian Importer	Fixing	VCID-r7b9-qwh3-7bhr	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:14.424773+00:00	Debian Importer	Fixing	VCID-pxet-jht5-hucw	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:14.404416+00:00	Debian Importer	Fixing	VCID-ynpn-ctc2-zbhy	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:14.383915+00:00	Debian Importer	Fixing	VCID-yj7p-1amk-a3fh	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:14.363681+00:00	Debian Importer	Fixing	VCID-cjbr-pbsr-xuaw	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:14.343417+00:00	Debian Importer	Fixing	VCID-dr9z-69dm-akb9	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:14.322987+00:00	Debian Importer	Fixing	VCID-dqpp-t4x2-afa9	https://security-tracker.debian.org/tracker/data/json	38.1.0