Open Ticket Request System (OTRS) 2.4.13

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:otrs:otrs:2.4.13:*:*:*:*:*:*:*

part: a version: 2.4.13 update: *

VendorOtrs (265741d9-907d-5d62-a717-73ae1ea6326f)
ProductOtrs (a4c8163c-3d72-56f2-bdc3-a93fd57d712f)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:deb/debian/otrs purl2cpe 2026-06-01 10:13:47.818086
pkg:deb/ubuntu/otrs purl2cpe 2026-06-01 10:13:47.818088
pkg:github/otrs/otrs purl2cpe 2026-06-01 10:13:47.818089
pkg:rpm/fedora/otrs purl2cpe 2026-06-01 10:13:47.818091
pkg:rpm/opensuse/otrs purl2cpe 2026-06-01 10:13:47.818092

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2012-4751 vulnerable 2026-06-03 14:32:25.601425 Details available
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element.
Published: 2012-10-22T16:00:00.000Z
Updated: 2024-08-06T20:42:55.334Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-4600 vulnerable 2026-06-03 14:32:24.717787 Details available
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags.
Published: 2012-08-31T14:00:00.000Z
Updated: 2024-08-06T20:42:54.794Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.