Osticket Security Vulnerabilities and Issues — Osticket CVE List

Lucene search

EnhancesoftOsticket

4 matches found

CVE•added 2023/03/10 4:15 p.m.•49 views

CVE-2023-1319

Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.

4.8CVSS4.9AI score0.00063EPSS

CVE•added 2023/10/23 8:15 p.m.•42 views

CVE-2023-27149

A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list.

4.8CVSS4.9AI score0.00063EPSS

CVE•added 2014/07/09 2:55 p.m.•39 views

CVE-2014-4744

Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php.

4.3CVSS5.9AI score0.00256EPSS

CVE•added 2023/10/23 8:15 p.m.•39 views

CVE-2023-27148

A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter.

4.8CVSS4.9AI score0.00063EPSS