CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket...

6.1CVSS6.7AI score0.00439EPSS

Exploits1

RedhatCVE•added 2025/05/22 4:3 p.m.•15 views

CVE-2020-22609

Cross Site Scripting XSS vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php...

6.1CVSS5.9AI score0.00686EPSS

Exploits0

NVD•added 2024/02/20 9:15 p.m.•12 views

CVE-2023-46967

Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket...

6.1CVSS6.4AI score0.00439EPSS

Exploits1References1

Vulnrichment•added 2024/02/20 12:0 a.m.•11 views

CVE-2023-46967

Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket...

6.9AI score0.00439EPSS

Exploits1References1

CNNVD•added 2024/02/20 12:0 a.m.•2 views

Enhancesoft osTicket Cross-Site Scripting Vulnerability

Enhancesoft osTicket is an open-source ticketing system from Enhancesoft, USA. A cross-site scripting vulnerability exists in Enhancesoft osTicket version 1.18.0, which stems from a vulnerability that allows a remote attacker to elevate privileges via a carefully crafted support ticket...

6.1CVSS6.3AI score0.00439EPSS

Exploits1References2

Cvelist•added 2024/02/20 12:0 a.m.•11 views

CVE-2023-46967

Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket...

6.6AI score0.00439EPSS

Exploits1References1

CVE•added 2024/02/20 12:0 a.m.•4022 views

CVE-2023-46967

CVE-2023-46967 involves a Cross Site Scripting vulnerability in the sanitize function of Enhancesoft osTicket 1.18.0 . The underlying issue allows a remote attacker to escalate privileges via a crafted support ticket. Core details from the connected documents confirm the affected software and the...

6.1CVSS6.6AI score0.00439EPSS

Exploits1References1Affected Software1

ATTACKERKB•added 2023/10/23 8:15 p.m.•2 views

CVE-2023-27148

A stored cross-site scripting XSS vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter...

4.8CVSS6AI score0.00354EPSS

Exploits1References2

NVD•added 2023/10/23 8:15 p.m.•23 views

CVE-2023-27149

A stored cross-site scripting XSS vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list...

4.8CVSS5AI score0.00354EPSS

Exploits1References1

NVD•added 2023/10/23 8:15 p.m.•20 views

CVE-2023-27148

4.8CVSS4.9AI score0.00354EPSS

Exploits1References1

OSV•added 2023/10/23 8:15 p.m.•20 views

CVE-2023-27149

4.8CVSS5.7AI score0.00354EPSS

Exploits1References1

OSV•added 2023/10/23 8:15 p.m.•24 views

CVE-2023-27148

4.8CVSS5.7AI score0.00354EPSS

Exploits1References1

Prion•added 2023/10/23 8:15 p.m.•16 views

Cross site scripting

4.3CVSS4.9AI score0.00354EPSS

Exploits1References1Affected Software1

Prion•added 2023/10/23 8:15 p.m.•20 views

Cross site scripting

4.3CVSS4.9AI score0.00354EPSS

Exploits1References1Affected Software1

CVE•added 2023/10/23 12:0 a.m.•103 views

CVE-2023-27148

CVE-2023-27148 describes a stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket Admin panel (v1.17.2). The flaw allows an attacker to inject arbitrary web scripts or HTML via the Role Name parameter, enabling potential script execution in the context of authenticated users with...

4.8CVSS4.9AI score0.00354EPSS

Exploits1References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by