VulnerableCode Package Details - pkg:deb/debian/otrs2@6.0.18-1?distro=bullseye

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-rg2d-x2j3-jycq	An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OTRS filesystem.	CVE-2019-9892
VCID-vahe-evfr-w7hd	An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment in order to cause execution of JavaScript in the context of OTRS.	CVE-2019-10066
VCID-wueh-6rd8-zyg8	An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS.	CVE-2019-10067

Vulnerability

Summary

Aliases

VCID-rg2d-x2j3-jycq

An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files on the OTRS filesystem.

CVE-2019-9892

VCID-vahe-evfr-w7hd

An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment in order to cause execution of JavaScript in the context of OTRS.

CVE-2019-10066

VCID-wueh-6rd8-zyg8

An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS.

CVE-2019-10067

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:02:05.157940+00:00	Debian Importer	Fixing	VCID-vahe-evfr-w7hd	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:28:58.562164+00:00	Debian Importer	Fixing	VCID-rg2d-x2j3-jycq	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:04:06.262366+00:00	Debian Importer	Fixing	VCID-wueh-6rd8-zyg8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T07:29:30.174734+00:00	Debian Importer	Fixing	VCID-vahe-evfr-w7hd	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:19:23.660352+00:00	Debian Importer	Fixing	VCID-rg2d-x2j3-jycq	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:04:41.620752+00:00	Debian Importer	Fixing	VCID-wueh-6rd8-zyg8	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:49:15.686821+00:00	Debian Importer	Fixing	VCID-rg2d-x2j3-jycq	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:15.404711+00:00	Debian Importer	Fixing	VCID-wueh-6rd8-zyg8	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:49:15.383804+00:00	Debian Importer	Fixing	VCID-vahe-evfr-w7hd	https://security-tracker.debian.org/tracker/data/json	38.1.0