Osticket - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Osticket
(Enhancesoft)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	19

Date	Id	Summary	Products	Score	Patch	Annotated
2023-04-05	CVE-2022-31888	Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2.	Osticket	8.8
2023-06-14	CVE-2023-30082	A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application. This can cause the website to go down or stop responding. When a long password is entered, this procedure will consume all available CPU and memory.	Osticket	7.5
2020-06-10	CVE-2020-14012	scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent.	Osticket	5.4
2021-06-28	CVE-2020-22608	Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php.	Osticket	6.1
2021-06-28	CVE-2020-22609	Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php.	Osticket	6.1
2022-05-04	CVE-2021-42235	SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality.	Osticket	9.8
2022-12-02	CVE-2022-4271	Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4.	Osticket	5.4
2023-03-10	CVE-2023-1315	Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.	Osticket	5.4
2023-03-10	CVE-2023-1316	Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.	Osticket	5.4
2023-03-10	CVE-2023-1317	Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.	Osticket	5.4