Osticket Security Vulnerabilities and Issues — Osticket CVE List

Lucene search

EnhancesoftOsticket

5 matches found

CVE•added 2024/02/20 9:15 p.m.•4008 views

CVE-2023-46967

Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket.

6.1CVSS6.6AI score0.00108EPSS

CVE•added 2019/07/09 5:15 p.m.•76 views

CVE-2019-13397

Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via arbitrary file extension while creating a support ticket.

6.1CVSS6AI score0.00215EPSS

CVE•added 2021/06/28 7:15 p.m.•52 views

CVE-2020-22609

Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php.

6.1CVSS6AI score0.0024EPSS

CVE•added 2023/09/08 2:15 a.m.•51 views

CVE-2021-45811

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.

6.5CVSS7AI score0.61668EPSS

CVE•added 2021/06/28 7:15 p.m.•44 views

CVE-2020-22608

Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php.

6.1CVSS6AI score0.00216EPSS