7 matches found
CVE-2020-24917
osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::uploadInlineImage in include/ajax.draft.php...
osTicket cross-site scripting vulnerability (CNVD-2020-50538)
osTicket is a widely used and trusted open source work order support ticket system. A cross-site scripting vulnerability exists in osTicket versions prior to 1.14.3. The vulnerability can be exploited to conduct a cross-site scripting attack via a specially crafted filename for...
CVE-2020-24917
osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::uploadInlineImage in include/ajax.draft.php...
CVE-2020-24917
osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::uploadInlineImage in include/ajax.draft.php...
Cross site scripting
osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::uploadInlineImage in include/ajax.draft.php...
CVE-2020-24917
CVE-2020-24917 affects osTicket
CVE-2020-24917
osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::uploadInlineImage in include/ajax.draft.php...