Lucene search

K
prionPRIOn knowledge basePRION:CVE-2019-11537
HistoryApr 25, 2019 - 7:29 p.m.

Design/Logic Flaw

2019-04-2519:29:00
PRIOn knowledge base
www.prio-n.com
2

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.4%

In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can lead to local file inclusion.

CPENameOperatorVersion
osticketlt1.12

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.4%

Related for PRION:CVE-2019-11537