Product:

Osticket

(Enhancesoft)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 19
Date Id Summary Products Score Patch Annotated
2023-03-10 CVE-2023-1318 Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6. Osticket 5.4
2023-03-10 CVE-2023-1319 Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. Osticket 4.8
2023-03-10 CVE-2023-1320 Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. Osticket 6.1
2023-09-08 CVE-2021-45811 A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination. Osticket 6.5
2023-10-23 CVE-2023-27148 A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter. Osticket 4.8
2023-10-23 CVE-2023-27149 A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list. Osticket 4.8
2019-07-09 CVE-2019-13397 Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via arbitrary file extension while creating a support ticket. Osticket 6.1
2020-05-04 CVE-2020-12629 include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name. Osticket N/A
2014-07-09 CVE-2014-4744 Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php. Osticket, Osticket N/A