Lucene search

K
osvGoogleOSV:CVE-2019-11537
HistoryApr 25, 2019 - 7:29 p.m.

CVE-2019-11537

2019-04-2519:29:01
Google
osv.dev
2

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.4%

In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can lead to local file inclusion.

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.4%

Related for OSV:CVE-2019-11537