Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
osticket osticket vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-7192
Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket prior to 1.10.2 allows remote malicious users to inject arbitrary web script or HTML via the "message" parameter.
Osticket Osticket
6.1
CVSSv3
CVE-2018-7193
Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket prior to 1.10.2 allows remote malicious users to inject arbitrary web script or HTML via the "order" parameter.
Osticket Osticket
4.9
CVSSv3
CVE-2018-7194
Integer format vulnerability in the ticket number generator in Enhancesoft osTicket prior to 1.10.2 allows remote malicious users to cause a denial-of-service (preventing the creation of new tickets) via a large number of digits in the ticket number format setting.
Osticket Osticket
8.1
CVSSv3
CVE-2018-7195
Enhancesoft osTicket prior to 1.10.2 allows remote malicious users to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number.
Osticket Osticket
6.1
CVSSv3
CVE-2018-7196
Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket prior to 1.10.2 allows remote malicious users to inject arbitrary web script or HTML via the "sort" parameter.
Osticket Osticket
NA
CVE-2006-5407
PHP remote file inclusion vulnerability in open_form.php in osTicket allows remote malicious users to execute arbitrary PHP code via a URL in the include_dir parameter.
Osticket Osticket
5.4
CVSSv3
CVE-2020-16193
osTicket prior to 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call.
Osticket Osticket
NA
CVE-2005-1439
Directory traversal vulnerability in attachments.php in osTicket allows remote malicious users to read arbitrary files via .. sequences in the file parameter.
Osticket Osticket
6.1
CVSSv3
CVE-2020-24917
osTicket prior to 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php.
Osticket Osticket
9.8
CVSSv3
CVE-2020-24881
SSRF exists in osTicket prior to 1.14.3, where an attacker can add malicious file to server or perform port scanning.
Osticket Osticket
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »