CVE-2026-48209

An improper neutralization of user-controllable input in OTRS or OTRS Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting XSS attacks via crafted request parameters associated with ticket actions. By injecting malicious JavaScript into...

CVE-2019-12963

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action...

EUVD-2019-4538

Malware in sbrugna...

EUVD-2014-8394

Malware in sbrugna...

EUVD-2009-3312

Malware in sbrugna...

PT-2022-9480 · WordPress · Supportcandy

Name of the Vulnerable Software and Affected Versions: SupportCandy WordPress plugin versions prior to 2.2.5 Description: The issue is related to the lack of authorisation and CSRF checks in the wpsc tickets AJAX action, which could allow unauthenticated users to delete arbitrary tickets via the...

CVE-2019-12963

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action...

CVE-2019-12963

LiveZilla Server is affected by CVE-2019-12963: prior to 8.0.1.1, the chat.php Create Ticket action is vulnerable to cross-site scripting (XSS). This is confirmed by multiple sources (NVD/Red Hat/CNVD/OpenVAS references) and is characterized by XSS in the Create Ticket/Work Order path. Exploitati...

CVE-2019-12963

LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action...

Sql injection

SQL injection vulnerability in index.php in cP Creator 2.7.1, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tickets parameter in a support ticket action...