3 matches found
CVE-2019-11537
In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can lead to local file...
CVE-2019-11537
CVE-2019-11537 affects osTicket prior to 1.12. An XSS flaw exists in file upload paths (/upload/file.php, /upload/scp/users.php?do=import-users, /upload/scp/ajax.php/users/import) when an agent manager uploads a crafted CSV to the User Importer, caused by error-message content echoing file conten...
CVE-2019-11537
creationtimestamp| type| source ---|---|--- 2019-04-25 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/46753 2021-05-02 06:40:48+00:00| published-proof-of-concept| https://t.me/pwnwikizhchannel/311...