5 matches found
Design/Logic Flaw
osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication...
CVE-2015-1176-xss-osticket
CVE-2015-1176-xss-osticket Information ---------------- Advisory by Octogence. Name: Reflected XSS Vulnerability in osTicket Ticket system Affected Software : osTicket Affected Versions: 1.9.4 and possibly below Vendor Homepage : http://osticket.com/ Vulnerability Type : Cross-site Scripting...
CVE-2015-1176
Cross-site scripting XSS vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action...
CVE-2015-1176
CVE-2015-1176 is a reflected XSS vulnerability in osTicket before 1.9.5. The flaw resides in upload/scp/tickets.php, where the status parameter used during a search action can be crafted to inject arbitrary web script or HTML, enabling remote attackers to execute code in a victim’s browser. Publi...
osTicket 1.9.4 Cross Site Scripting
CVE-2015-1176-xss-osticket Information ---------------- Advisory by Octogence. Name: Reflected XSS Vulnerability in osTicket Ticket system Affected Software : osTicket Affected Versions: 1.9.4 and possibly below Vendor Homepage : http://osticket.com/ Vulnerability Type : Cross-site Scripting...