CVE-2020-24917

2020-08-3016:15:14

Google

osv.dev

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.6%

JSON

osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php.

CPENameOperatorVersion
osticketeq1.8.2-dpr
osticketeq1.12.1
osticketeq1.9.5.1
osticketeq1.10.7
osticketeq1.8.0-rc2
osticketeq1.11.0-rc1
osticketeq1.8.1-dpr
osticketeq1.12
osticketeq1.8.4
osticketeq1.14.1

Name	Operator	Version
osticket	eq	1.8.2-dpr
osticket	eq	1.12.1
osticket	eq	1.9.5.1
osticket	eq	1.10.7
osticket	eq	1.8.0-rc2
osticket	eq	1.11.0-rc1
osticket	eq	1.8.1-dpr
osticket	eq	1.12
osticket	eq	1.8.4
osticket	eq	1.14.1