CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket...

6.1CVSS6.7AI score0.00108EPSS

Exploits1

RedhatCVE•added 2025/05/22 4:3 p.m.•2 views

CVE-2020-22609

Cross Site Scripting XSS vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php...

6.1CVSS5.9AI score0.00328EPSS

Exploits0

NVD•added 2024/02/20 9:15 p.m.•8 views

CVE-2023-46967

Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket...

6.1CVSS6.4AI score0.00108EPSS

Exploits1References1

CVE•added 2024/02/20 12:0 a.m.•4013 views

CVE-2023-46967

CVE-2023-46967 involves a Cross Site Scripting vulnerability in the sanitize function of Enhancesoft osTicket 1.18.0 . The underlying issue allows a remote attacker to escalate privileges via a crafted support ticket. Core details from the connected documents confirm the affected software and the...

6.1CVSS6.6AI score0.00108EPSS

Exploits1References1Affected Software1

CNNVD•added 2024/02/20 12:0 a.m.•1 views

Enhancesoft osTicket Cross-Site Scripting Vulnerability

Enhancesoft osTicket is an open-source ticketing system from Enhancesoft, USA. A cross-site scripting vulnerability exists in Enhancesoft osTicket version 1.18.0, which stems from a vulnerability that allows a remote attacker to elevate privileges via a carefully crafted support ticket...

6.1CVSS6.3AI score0.00108EPSS

Exploits1References2

Cvelist•added 2024/02/20 12:0 a.m.•8 views

CVE-2023-46967

Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket...

6.6AI score0.00108EPSS

Exploits1References1

Vulnrichment•added 2024/02/20 12:0 a.m.•9 views

CVE-2023-46967

Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket...

6.9AI score0.00108EPSS

Exploits1References1

NVD•added 2023/10/23 8:15 p.m.•12 views

CVE-2023-27149

A stored cross-site scripting XSS vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list...

4.8CVSS5AI score0.00069EPSS

Exploits1References1

ATTACKERKB•added 2023/10/23 8:15 p.m.•1 views

CVE-2023-27148

A stored cross-site scripting XSS vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter...

4.8CVSS6AI score0.00069EPSS

Exploits1References2

NVD•added 2023/10/23 8:15 p.m.•10 views

CVE-2023-27148

4.8CVSS4.9AI score0.00069EPSS

Exploits1References1

OSV•added 2023/10/23 8:15 p.m.•16 views

CVE-2023-27148

4.8CVSS5.7AI score0.00069EPSS

Exploits1References1

OSV•added 2023/10/23 8:15 p.m.•9 views

CVE-2023-27149

4.8CVSS5.7AI score0.00069EPSS

Exploits1References1

Prion•added 2023/10/23 8:15 p.m.•14 views

Cross site scripting

4.3CVSS4.9AI score0.00069EPSS

Exploits1References1Affected Software1

Prion•added 2023/10/23 8:15 p.m.•15 views

Cross site scripting

4.3CVSS4.9AI score0.00069EPSS

Exploits1References1Affected Software1

CVE•added 2023/10/23 12:0 a.m.•48 views

CVE-2023-27149

CVE-2023-27149 describes a stored XSS in Enhancesoft osTicket v1.17.2, exploitable via crafted payload in the Label input during a custom list update. Affected component: Label field handling in osTicket’s custom lists. Impact per sources: execution of arbitrary web scripts/HTML. Root cause: inpu...

4.8CVSS4.9AI score0.00069EPSS

Exploits1References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by