VYPR

Faq

by OTRS

CVEs (3)

  • CVE-2016-5843CriSep 17, 2016
    risk 0.61cvss 9.4epss 0.03

    Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters.

  • CVE-2013-2637Feb 12, 2020
    risk 0.03cvss epss 0.04

    A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary code.

  • CVE-2021-21438Mar 22, 2021
    risk 0.00cvss epss 0.01

    Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). This issue affects: FAQ version 6.0.29 and prior versions, OTRS version 7.0.24 and prior versions.