CVE-2023-1316
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6...
CVE-2023-1318
Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6...
CVE-2023-1315
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6...
CVE-2023-30082
A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application. This can cause the website to go down or stop responding. When a long password is entered, this procedure will consume all...
CVE-2023-1320
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6...
CVE-2023-27148
A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter...
CVE-2022-32074
A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file...
CVE-2021-45811
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topicid" URL parameters combination...
CVE-2020-24881
SSRF exists in osTicket before 1.14.3, where an attacker can add a malicious file to the server or perform port scanning...
CVE-2020-22609
Cross-site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php...
CVE-2020-24917
osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::uploadInlineImage in include/ajax.draft.php...
CVE-2020-12629
include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name...
CVE-2020-14012
scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent...
CVE-2020-22608
Cross-site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php...
CVE-2010-0606
Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php...
CVE-2019-14750
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the...
CVE-2019-14748
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer or no mitigations implemented for file content checks; also, the output is not handled...
CVE-2019-13397
Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via an arbitrary file extension while creating a support ticket...
CVE-2015-1347
Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket before 1.9.5.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter...
CVE-2019-14749
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and...