Lucene search

K
osvGoogleOSV:CVE-2023-27148
HistoryOct 23, 2023 - 8:15 p.m.

CVE-2023-27148

2023-10-2320:15:08
Google
osv.dev
4
cve-2023-27148
stored cross-site scripting
admin panel
enhancesoft osticket v1.17.2
attackers
arbitrary web scripts
html
role name parameter
software

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter.

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

Related for OSV:CVE-2023-27148