Lucene search
+L
EnhancesoftOsticket

45 matches found

cve
cve
added 2024/02/20 12:0 a.m.4026 views

CVE-2023-46967

CVE-2023-46967 involves a Cross Site Scripting vulnerability in the sanitize function of Enhancesoft osTicket 1.18.0 . The underlying issue allows a remote attacker to escalate privileges via a crafted support ticket. Core details from the connected documents confirm the affected software and the...

6.1CVSS6.6AI score0.00439EPSS
cve
cve
added 2020/11/02 2:42 p.m.180 views

CVE-2020-24881

osTicket before version 1.14.3 contains CVE-2020-24881: a Server-Side Request Forgery (SSRF) flaw in the PDF/print path that lets an attacker cause the server to fetch internal resources or place malicious files on the server, enabling internal port scanning and information disclosure. The Nuclei...

9.8CVSS9.3AI score0.73267EPSS
cve
cve
added 2023/10/23 12:0 a.m.128 views

CVE-2023-27148

CVE-2023-27148 describes a stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket Admin panel (v1.17.2). The flaw allows an attacker to inject arbitrary web scripts or HTML via the Role Name parameter, enabling potential script execution in the context of authenticated users with...

4.8CVSS4.9AI score0.00354EPSS
cve
cve
added 2019/08/07 4:38 p.m.107 views

CVE-2019-14750

osTicket prior to 1.12.1 and older than 1.10.7/1.12.x are affected by a stored XSS in setup/install.php due to lack of input sanitization in the firstname/lastname fields, which could enable injection and potentially cookie theft or related actions. The confirmed remediation is to upgrade to osTi...

6.1CVSS6.1AI score0.11687EPSS
Web
cve
cve
added 2022/05/04 4:56 p.m.96 views

CVE-2021-42235

osTicket is vulnerable to SQL injection in the login and password reset flow (CVE-2021-42235). Affected: osTicket before 1.14.8 and before 1.15.4. Impact: attacker could access the administration profile functionality. Remedy: upgrade to osTicket 1.14.8 or 1.15.4 or later.

9.8CVSS9.9AI score0.00967EPSS
cve
cve
added 2019/08/07 4:38 p.m.92 views

CVE-2019-14749

Summary: CVE-2019-14749 affects osTicket before 1.10.7 and 1.12.x before 1.12.1, where the export spreadsheets feature can inject formulas (CSV/XLS) via unvalidated input in Name/Internal Notes (Users tab) and Issue Summary (Tickets tab). This can cause a Formula Injection in downloaded spreadshe...

8.8CVSS8.6AI score0.09612EPSS
cve
cve
added 2019/07/09 4:54 p.m.88 views

CVE-2019-13397

The CVE-2019-13397 issue affects osTicket 1.10.1 and is an Unauthenticated Stored XSS vulnerability that lets an attacker gain admin privileges by injecting script/HTML via an arbitrary file extension during ticket creation. The vulnerability is documented across multiple sources (NVD/Red Hat/OSV...

6.1CVSS6AI score0.01108EPSS
cve
cve
added 2019/08/07 4:38 p.m.87 views

CVE-2019-14748

CVE-2019-14748 affects osTicket versions prior to 1.10.7 and 1.12.x prior to 1.12.1. The ticket creation form allows file uploads without sufficient content validation and improper output handling, causing persistent XSS (e.g., uploading a .html file) that can lead to cookie theft or malicious ac...

5.4CVSS5.5AI score0.02733EPSS
cve
cve
added 2025/05/05 12:0 a.m.85 views

CVE-2025-26241

The CVE-2025-26241 entry describes a SQL injection in osTicket’s Search function (tickets.php) for versions

6.5CVSS8.4AI score0.00242EPSS
cve
cve
added 2023/03/10 12:0 a.m.78 views

CVE-2023-1318

osTicket (osticket/osticket) versions prior to 1.16.6 are affected by Cross-site Scripting (XSS) in a generic manner. The vulnerability is described as an XSS flaw in osTicket before 1.16.6, enabling execution of arbitrary JavaScript in the victim’s browser. Affected component is the web applicat...

5.4CVSS5.3AI score0.01015EPSS
cve
cve
added 2023/09/08 12:0 a.m.77 views

CVE-2021-45811

CVE-2021-45811 is a confirmed SQL injection vulnerability in osTicket 1.15.x, affecting the Search functionality on tickets.php where authenticated users can manipulate the query via the combination of the keywords and topic_id URL parameters. The issue allows attackers to execute arbitrary SQL c...

6.5CVSS7AI score0.02454EPSS
cve
cve
added 2018/03/27 5:0 p.m.75 views

CVE-2018-7192

osTicket

6.1CVSS6AI score0.02073EPSS
Web
cve
cve
added 2022/12/02 12:0 a.m.75 views

CVE-2022-4271

osTicket (osticket/osticket)

8CVSS5.6AI score0.00673EPSS
cve
cve
added 2023/03/10 12:0 a.m.71 views

CVE-2023-1315

CVE-2023-1315: Reflected Cross-Site Scripting in osTicket prior to v1.16.6 (osticket/osticket). An attacker could cause arbitrary JavaScript to run in a victim’s browser. Affected component is the web interface; root cause is reflected XSS. Remediation: upgrade osTicket to a version >= 1.16.6....

5.4CVSS5.3AI score0.01059EPSS
cve
cve
added 2023/03/10 12:0 a.m.71 views

CVE-2023-1317

CVE-2023-1317 describes a reflected XSS in osTicket (osticket/osticket) prior to version 1.16.6. The visible impact is that an attacker could cause arbitrary JavaScript to run in a victim’s browser, potentially leading to data theft or unauthorized actions within the user session. The CVE is docu...

5.4CVSS5.3AI score0.01015EPSS
cve
cve
added 2018/03/27 5:0 p.m.70 views

CVE-2018-7196

Summary: CVE-2018-7196 is a cross-site scripting (XSS) vulnerability in osTicket before 1.10.2, exploitable via the sort parameter in /scp/index.php. Affected product/version: osTicket prior to 1.10.2. Root cause / vector: Malicious input to the sort parameter allows injection of arbitrary JavaSc...

6.1CVSS6AI score0.02482EPSS
Web
cve
cve
added 2018/03/27 5:0 p.m.68 views

CVE-2018-7193

Summary : CVE-2018-7193 is an XSS vulnerability in osTicket before 1.10.2. The flaw exists in /scp/directory.php, where the order parameter can be exploited to inject arbitrary script/HTML. Affected software : osTicket

6.1CVSS6AI score0.02482EPSS
Web
cve
cve
added 2022/07/13 3:35 p.m.68 views

CVE-2022-32074

CVE-2022-32074 affects the osTicket-plugins Storage-FS component (audit/class.audit.php). It is a stored XSS vulnerability where a crafted SVG file can cause arbitrary web scripts/HTML execution. The issue is linked to a commit in the repository (a7842d494889fd5533d13deb3c6a7789768795ae) as part ...

5.4CVSS5.2AI score0.01391EPSS
cve
cve
added 2019/04/25 6:26 p.m.66 views

CVE-2019-11537

CVE-2019-11537 affects osTicket prior to 1.12. An XSS flaw exists in file upload paths (/upload/file.php, /upload/scp/users.php?do=import-users, /upload/scp/ajax.php/users/import) when an agent manager uploads a crafted CSV to the User Importer, caused by error-message content echoing file conten...

6.1CVSS5.8AI score0.04622EPSS
Web
cve
cve
added 2023/03/10 12:0 a.m.65 views

CVE-2023-1319

CVE-2023-1319 concerns a stored Cross-site Scripting (XSS) vulnerability in the osTicket project (osticket/osticket) prior to version 1.16.6. The consolidated sources confirm an XSS flaw that persists when user-supplied input is stored and later reflected in responses, with public references tyin...

4.8CVSS4.9AI score0.00473EPSS
cve
cve
added 2021/06/28 6:38 p.m.63 views

CVE-2020-22609

CVE-2020-22609 is an XSS vulnerability in osTicket prior to v1.12.6. Affected component: include/class.queue.php; attacker can inject scripts via the queue-name parameter. Root cause: improper input handling leads to reflected/stored XSS (per the sources confirming the queue-name vector). Impact ...

6.1CVSS6AI score0.00686EPSS
Web
cve
cve
added 2023/04/05 12:0 a.m.58 views

CVE-2022-31888

Summary: CVE-2022-31888 is a session fixation vulnerability in osTicket, affecting versions up to 1.16.2. The issue is located in the login function of class.auth.php, enabling potential session hijacking. The CVSSv3.1 vector indicates Network attack, no privileges required, user interaction requ...

8.8CVSS8.6AI score0.01214EPSS
cve
cve
added 2006/10/19 1:0 a.m.57 views

CVE-2006-5407

CVE-2006-5407 : The NVD/CVE records indicate a PHP remote file inclusion vulnerability in open_form.php used by osTicket, exploitable via a URL in the include_dir parameter to execute arbitrary PHP code. The vulnerability affects the affected software component/function as described in the source...

7.5CVSS7.9AI score0.01373EPSS
cve
cve
added 2023/03/10 12:0 a.m.57 views

CVE-2023-1316

CVE-2023-1316 is a stored XSS vulnerability in osticket/osticket prior to v1.16.6. Multiple connected sources corroborate that the issue affects osticket/osticket by storing malicious scripts (notably via an email field) and potentially allows data disclosure or scripting in affected sessions. Th...

5.4CVSS4.9AI score0.00514EPSS
cve
cve
added 2023/10/23 12:0 a.m.57 views

CVE-2023-27149

CVE-2023-27149 describes a stored XSS in Enhancesoft osTicket v1.17.2, exploitable via crafted payload in the Label input during a custom list update. Affected component: Label field handling in osTicket’s custom lists. Impact per sources: execution of arbitrary web scripts/HTML. Root cause: inpu...

4.8CVSS4.9AI score0.00354EPSS
cve
cve
added 2023/06/14 12:0 a.m.57 views

CVE-2023-30082

CVE-2023-30082 affects the osTicket application. The available documents describe a denial-of-service vulnerability where supplying an unusually lengthy password (more than 10,000,000 characters) can cause the server to become unavailable or unresponsive by consuming high CPU and memory. The impa...

7.5CVSS7.5AI score0.00999EPSS
cve
cve
added 2026/01/12 6:34 p.m.57 views

CVE-2026-22200

The CVE-2026-22200 issue affects Enhancesoft osTicket 1.18.x before 1.18.3 and 1.17.x before 1.17.7, where the ticket PDF export path allows an arbitrary file read. A vulnerability arises when a ticket submission includes crafted rich-text HTML with PHP filter expressions, which are not adequatel...

8.7CVSS5.9AI score0.73125EPSS
cve
cve
added 2020/06/10 5:56 p.m.56 views

CVE-2020-14012

osTicket 1.14.2 is vulnerable to an XSS in the scp/categories.php file via Knowledgebase Category Name or Category Description. The attacker must be an authenticated Agent. The issue is documented across multiple sources (CVE-2020-14012 and related records) and is not tied to a specific exploit s...

5.4CVSS5.1AI score0.0051EPSS
Web
cve
cve
added 2021/06/28 6:30 p.m.56 views

CVE-2020-22608

CVE-2020-22608 affects osTicket (Enhancesoft) prior to v1.12.6. A cross-site scripting vulnerability exists via the queue-name parameter in include/ajax.search.php. Impact is consistent with XSS as described in multiple sources; CVSS v3.1 base score 6.1 (NETWORK, LOW ATTACK COMPLEXITY, USER INTER...

6.1CVSS6AI score0.00672EPSS
Web
cve
cve
added 2020/05/04 12:28 p.m.53 views

CVE-2020-12629

The CVE concerns osTicket before 1.14.2, where include/class.sla.php is vulnerable to cross-site scripting via the SLA Name. Root cause is insufficient validation of client data in the SLA handling code. Impact described is client-side script execution via the SLA name field; exploitation details...

5.4CVSS5.2AI score0.01504EPSS
cve
cve
added 2010/02/11 5:0 p.m.52 views

CVE-2010-0606

Summary: The CVE-2010-0606 issue affects osTicket before 1.6.0 Stable. The vulnerability is a reflected XSS in the parameter f of scp/ajax.php , potentially related to an error message from scp/admin.php . It requires remote authentication and could allow injection of arbitrary web script or HTML...

3.5CVSS5.5AI score0.0087EPSS
Web
cve
cve
added 2014/07/09 2:0 p.m.52 views

CVE-2014-4744

osTicket

4.3CVSS5.9AI score0.0193EPSS
cve
cve
added 2015/01/23 3:0 p.m.52 views

CVE-2015-1176

CVE-2015-1176 is a reflected XSS vulnerability in osTicket before 1.9.5. The flaw resides in upload/scp/tickets.php, where the status parameter used during a search action can be crafted to inject arbitrary web script or HTML, enabling remote attackers to execute code in a victim’s browser. Publi...

4.3CVSS5.9AI score0.01892EPSS
Web
cve
cve
added 2005/05/03 4:0 a.m.51 views

CVE-2005-1439

CVE-2005-1439 : In osTicket, a directory traversal vulnerability exists in attachments.php that allows remote attackers to read arbitrary files via .. sequences in the file parameter. Evidence from multiple sources confirms a network-wide, unauthenticated remote attack vector with a base CVSS v2 ...

7.5CVSS6.7AI score0.0172EPSS
cve
cve
added 2010/12/30 8:0 p.m.51 views

CVE-2010-4634

osTicket 1.6 is affected by a directory traversal vulnerability. The issue allows remote attackers to read arbitrary files by supplying .. sequences in the file parameter to module.php, a vulnerability described across CVE-2010-4634. The description notes this is a separate vector from CVE-2005-1...

5CVSS6.8AI score0.02475EPSS
cve
cve
added 2023/03/10 12:0 a.m.51 views

CVE-2023-1320

The CVE-2023-1320 entry concerns a stored XSS vulnerability in osticket/osticket prior to v1.16.6. The vulnerability affects the web application’s handling of user-supplied input, enabling an attacker to inject script that can be executed in an authenticated user’s browser, potentially accessing ...

7.1CVSS6.1AI score0.00624EPSS
cve
cve
added 2015/01/23 3:0 p.m.50 views

CVE-2015-1347

CVE-2015-1347 affects the osTicket project: a cross-site scripting (XSS) vulnerability in the file client.inc.php in versions before 1.9.5.1, exploitable via the lang parameter. The available connected documents confirm the issue and reference the fix in v1.9.5.1. Impact is remote script/HTML inj...

4.3CVSS5.9AI score0.01351EPSS
cve
cve
added 2010/02/11 5:0 p.m.49 views

CVE-2010-0605

Technical details for CVE-2010-0605 are not publicly available in the provided connected documents. The initial description covers the basic vulnerability info only. Monitor for updates from official advisories for affected versions and fixes.

7.5CVSS8.2AI score0.03048EPSS
Web
cve
cve
added 2020/08/26 12:0 p.m.48 views

CVE-2020-16193

Summary of CVE-2020-16193 : osTicket

5.4CVSS5.6AI score0.00582EPSS
cve
cve
added 2020/08/30 3:45 p.m.48 views

CVE-2020-24917

CVE-2020-24917 affects osTicket

6.1CVSS6AI score0.01215EPSS
Web
cve
cve
added 2005/05/03 4:0 a.m.45 views

CVE-2005-1436

CVE-2005-1436 corresponds to osTicket XSS vulnerabilities across multiple input vectors. Connected sources indicate broader issues in osTicket versions <= 1.2.7 and

6.8CVSS5.8AI score0.01675EPSS
cve
cve
added 2018/03/27 5:0 p.m.43 views

CVE-2018-7194

CVE-2018-7194 affects Enhancesoft osTicket up to version 1.10.1. The vulnerability is an integer format issue in the ticket number generator that allows a remote attacker to trigger a denial of service by sending a ticket creation request with a very large number of digits in the ticket number fo...

4.9CVSS5AI score0.01305EPSS
cve
cve
added 2009/07/08 3:0 p.m.42 views

CVE-2009-2361

CVE-2009-2361 describes a SQL injection in osTicket’s include/class.staff.php. The vulnerability permits remote attackers to inject arbitrary SQL via the staff username parameter, affecting versions prior to 1.6 RC5. The issue exposes the possibility of unauthorized data access or modification du...

7.5CVSS8.7AI score0.05169EPSS
Web
cve
cve
added 2018/03/27 5:0 p.m.42 views

CVE-2018-7195

CVE-2018-7195 concerns Enhancesoft osTicket before 1.10.2. The issue allows a remote attacker to reset arbitrary passwords (when an associated e‑mail address is known) by exploiting guest access and guessing a 6‑digit number. Public sources in the connected documents consistently describe this as...

8.1CVSS8AI score0.01023EPSS
cve
cve
added 2026/04/02 12:0 a.m.12 views

CVE-2026-26895

The issue is a user enumeration vulnerability in osTicket v1.18.2, exposed via /pwreset.php, allowing remote attackers to enumerate valid usernames registered on the platform. The description consistently refers to a username enumeration flaw without detailing the root cause beyond the vulnerable...

5.3CVSS5.9AI score0.00347EPSS