Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
osticket osticket vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2018-7192
Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket prior to 1.10.2 allows remote malicious users to inject arbitrary web script or HTML via the "message" parameter.
Osticket Osticket
6.1
CVSSv3
CVE-2018-7193
Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket prior to 1.10.2 allows remote malicious users to inject arbitrary web script or HTML via the "order" parameter.
Osticket Osticket
4.9
CVSSv3
CVE-2018-7194
Integer format vulnerability in the ticket number generator in Enhancesoft osTicket prior to 1.10.2 allows remote malicious users to cause a denial-of-service (preventing the creation of new tickets) via a large number of digits in the ticket number format setting.
Osticket Osticket
6.1
CVSSv3
CVE-2020-24917
osTicket prior to 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php.
Osticket Osticket
9.8
CVSSv3
CVE-2020-24881
SSRF exists in osTicket prior to 1.14.3, where an attacker can add malicious file to server or perform port scanning.
Osticket Osticket
NA
CVE-2006-5407
PHP remote file inclusion vulnerability in open_form.php in osTicket allows remote malicious users to execute arbitrary PHP code via a URL in the include_dir parameter.
Osticket Osticket
NA
CVE-2005-1439
Directory traversal vulnerability in attachments.php in osTicket allows remote malicious users to read arbitrary files via .. sequences in the file parameter.
Osticket Osticket
6.1
CVSSv3
CVE-2019-14750
An issue exists in osTicket prior to 1.10.7 and 1.12.x prior to 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields lead...
Osticket Osticket
1 EDB exploit
8.8
CVSSv3
CVE-2019-14749
An issue exists in osTicket prior to 1.10.7 and 1.12.x prior to 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the...
Osticket Osticket
1 EDB exploit
5.4
CVSSv3
CVE-2022-32074
A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows malicious users to execute arbitrary web scripts or HTML via a crafted SVG file.
Osticket Osticket
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »