6 matches found
osTicket 1.12 - Persistent Cross-Site Scripting via File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: osTicket-v1.12 Stored XSS via File Upload Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Exploit Author: Aishwarya Iyer Contact: https://twitter.com/aish9524 Website: https://about.me/aishiy...
CVE-2019-14748
creationtimestamp| type| source ---|---|--- 2019-08-12 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/47224...
osTicket 1.12 - Persistent Cross-Site Scripting via File Upload
Exploit Title: osTicket-v1.12 Stored XSS via File Upload Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Exploit Author: Aishwarya Iyer Contact: https://twitter.com/aish9524 Website: https://about.me/aishiyer Category: webapps CVE: CVE-2019-14748 1. Descriptio...
osTicket 1.12 - Persistent Cross-Site Scripting via File Upload
osTicket 1.12 - Persistent Cross-Site Scripting via File Upload Exploit Title: osTicket-v1.12 Stored XSS via File Upload Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Exploit Author: Aishwarya Iyer Contact: https://twitter.com/aish9524 Website:...
osTicket < 1.10.7, 1.12.x < 1.12.1 Multiple Vulnerabilities
osTicket is prone to multiple vulnerabilities. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2019-14748
CVE-2019-14748 affects osTicket versions prior to 1.10.7 and 1.12.x prior to 1.12.1. The ticket creation form allows file uploads without sufficient content validation and improper output handling, causing persistent XSS (e.g., uploading a .html file) that can lead to cookie theft or malicious ac...