Open Ticket Request System (OTRS) 3.0.16

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:otrs:otrs:3.0.16:*:*:*:*:*:*:*

part: a version: 3.0.16 update: *

VendorOtrs (265741d9-907d-5d62-a717-73ae1ea6326f)
ProductOtrs (a4c8163c-3d72-56f2-bdc3-a93fd57d712f)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:deb/debian/otrs purl2cpe 2026-06-01 10:13:47.818274
pkg:deb/ubuntu/otrs purl2cpe 2026-06-01 10:13:47.818275
pkg:github/otrs/otrs purl2cpe 2026-06-01 10:13:47.818277
pkg:rpm/fedora/otrs purl2cpe 2026-06-01 10:13:47.818278
pkg:rpm/opensuse/otrs purl2cpe 2026-06-01 10:13:47.818280

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2016-9139 vulnerable 2026-06-03 14:36:15.683845 Details available
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment.
Published: 2017-02-16T18:00:00.000Z
Updated: 2024-08-06T02:42:10.570Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-4751 vulnerable 2026-06-03 14:32:25.607540 Details available
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element.
Published: 2012-10-22T16:00:00.000Z
Updated: 2024-08-06T20:42:55.334Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.