((otrs)) community edition

This hub aggregates every CVE we track for ((otrs)) community edition, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting ((otrs)) community edition.

• CVE-2026-48187Email with special content can lead to DoS5.7Jun 1, 2026
• CVE-2026-48188SQL Injection via MySQL Quote Method9.1Jun 1, 2026
• CVE-2026-48208Denial-of-Service via SVG Rendering in Ticket6.5Jun 1, 2026
• CVE-2026-48209Reflected XSS in authenticated agent context7.1Jun 1, 2026
• CVE-2025-24388Unsafe handling of AJAX calls3.8Jun 16, 2025
• CVE-2025-24389SMTP Password will be shown in cleartext on some SMTP errors6.3Jan 27, 2025
• CVE-2024-43446Improper check of permissions in Generic Interface3.5Jan 27, 2025
• CVE-2024-43445Missing X-Content-Type-Options: nosniff Header Allows MIME Type Sniffing5.4Jan 27, 2025
• CVE-2024-43444Passwords are written to Admin Log Module8.2Aug 26, 2024
• CVE-2024-43443Stored XSS in process management4.9Aug 26, 2024
• CVE-2024-43442Stored XSS in System Configuration4.9Aug 26, 2024
• CVE-2024-23793Upload of files outside application directory6.3Jun 6, 2024
• CVE-2023-5421 Possible XSS execution in customer information 3.5Oct 16, 2023
• CVE-2023-38059External pictures can be loaded even if not allowed by configuration5.3Oct 16, 2023
• CVE-2023-5422SSL Certificates are not checked for E-Mail Handling8.7Oct 16, 2023