Vulmon
osticket osticket vulnerabilities and exploits
7.5
CVSSv2
CVE-2006-5407
PHP remote file inclusion vulnerability in open_form.php in osTicket allows remote malicious users to execute arbitrary PHP code via a URL in the include_dir parameter.
Osticket Osticket
3.5
CVSSv2
CVE-2019-14748
An issue exists in osTicket prior to 1.10.7 and 1.12.x prior to 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is...
Osticket Osticket
1 EDB exploit
6.8
CVSSv2
CVE-2019-14749
An issue exists in osTicket prior to 1.10.7 and 1.12.x prior to 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the...
Osticket Osticket
1 EDB exploit
4.3
CVSSv2
CVE-2019-14750
An issue exists in osTicket prior to 1.10.7 and 1.12.x prior to 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields lead...
Osticket Osticket
1 EDB exploit
3.5
CVSSv2
CVE-2020-16193
osTicket prior to 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call.
Osticket Osticket
4.3
CVSSv2
CVE-2019-11537
In osTicket prior to 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can le...
Osticket Osticket
4.3
CVSSv2
CVE-2015-1347
Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket prior to 1.9.5.1 allows remote malicious users to inject arbitrary web script or HTML via the lang parameter.
Osticket Osticket
4.3
CVSSv2
CVE-2018-7192
Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket prior to 1.10.2 allows remote malicious users to inject arbitrary web script or HTML via the "message" parameter.
Osticket Osticket
4.3
CVSSv2
CVE-2018-7193
Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket prior to 1.10.2 allows remote malicious users to inject arbitrary web script or HTML via the "order" parameter.
Osticket Osticket
4
CVSSv2
CVE-2018-7194
Integer format vulnerability in the ticket number generator in Enhancesoft osTicket prior to 1.10.2 allows remote malicious users to cause a denial-of-service (preventing the creation of new tickets) via a large number of digits in the ticket number format setting.
Osticket Osticket