CVE-2023-27148

2023-10-2320:15:08

Google

osv.dev

cve-2023-27148

stored cross-site scripting

admin panel

enhancesoft osticket v1.17.2

attackers

arbitrary web scripts

html

role name parameter

software

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

JSON

A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter.

CPENameOperatorVersion
osticketeq1.10-dpr
osticketeq1.15.2
osticketeq1.12
osticketeq1.12.4
osticketeq1.9.8
osticketeq1.8.0.2
osticketeq1.11
osticketeq1.10.1
osticketeq1.15.3
osticketeq1.10-rc.2

Name	Operator	Version
osticket	eq	1.10-dpr
osticket	eq	1.15.2
osticket	eq	1.12
osticket	eq	1.12.4
osticket	eq	1.9.8
osticket	eq	1.8.0.2
osticket	eq	1.11
osticket	eq	1.10.1
osticket	eq	1.15.3
osticket	eq	1.10-rc.2