2 matches found
CVE-2022-31890
CVE-2022-31890 concerns a SQL injection in osTicket-plugins' audit/class.audit.php, exploitable via the order parameter to the getOrder function. The Red Hat/CNNVD/EUVD/OSV and OSV feeds corroborate the description; the core issue is lack of proper input sanitization in the getOrder path, leading...
CVE-2022-31889
The CVE-2022-31889 entry concerns a Cross Site Scripting (XSS) vulnerability in the file audit/templates/auditlogs.tmpl.php within osTicket-plugins, affected prior to the commit a7842d494889fd5533d13deb3c6a7789768795ae. Public references describe the vulnerability location as audit/templates/audi...