Vulmon
osticket osticket 1.10.1 vulnerabilities and exploits
7.5
CVSSv2
CVE-2017-15580
osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extensio...
Osticket Osticket 1.10.1
1 EDB exploit
4.3
CVSSv2
CVE-2017-15362
osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish co...
Osticket Osticket 1.10.1
4.3
CVSSv2
CVE-2019-13397
Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote malicious user to gain admin privileges by injecting arbitrary web script or HTML via arbitrary file extension while creating a support ticket.
Enhancesoft Osticket 1.10.1
7.5
CVSSv2
CVE-2017-14396
In osTicket prior to 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.
Osticket Osticket 1.10
1 EDB exploit