ad-password arrow-down-ring arrow-left arrow-right auto-select cog customer-id excel-statistics external-link featured github icn-admin icn-developer icn-evaluierung icn-installation icn-keyuser icn-konzeptionierung icn-master icn-performance icn-review last-contact linkedin map-person messages multi-upload no-eye out-of-office password-guidlines pending-time phone plus proxy-support quick-close search service-catalog setting-search shield sugarcrm-integration tag-cloud ticket-create twitter watch-arrow watchlist xing wechat qq weibo

安全通告

这里公布已确认的系统安全问题. 请尽快将系统更新到最新的修正版本, 如果您公司的系统已托管给我们运维, 即无需担心, 我们会处理一切.

ID标题CVE等级日期
ZSA-2020-12jQuery version 3.4.1 is vulnerable to cross-site-scriptingCVE-2020-11022 / CVE-2020-11023Medium2020-10-12
ZSA-2020-11Renaming or setting user invalid keeps his session activeCVE-2020-1776Low2020-07-20
ZSA-2019-06Malicious email can cause browser to load external filesCVE-2019-12248Low2019-05-31
ZSA-2019-05Execution of arbitrary Javascript code via OTRS appointment calendarCVE-2019-10066Low2019-04-26
ZSA-2019-04Execution of arbitrary Javascript code via URL manipulationCVE-2019-10067Low2019-04-26
ZSA-2019-03Importing statistics XML can lead to reading arbitrary files of OTRS file systemCVE-2019-9892Medium2019-04-26
ZSA-2019-02Privilege escalation in picture uploadCVE-2019-9751Low2019-03-11
ZSA-2019-01Privilege escalation in picture uploadCVE-2019-9752Low2019-01-18
ZSA-2018-08Privilege escalation using HTML Form-ParamsCVE-2012-2582High2018-09-11
ZSA-2012-02XSS attack in Firefox and Opera possibleCVE-2012-4600Critical2012-08-30