Vulmon
osticket osticket vulnerabilities and exploits
5.4
CVSSv3
CVE-2022-32074
A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows malicious users to execute arbitrary web scripts or HTML via a crafted SVG file.
Osticket Osticket
1 Github repository
NA
CVE-2005-1439
Directory traversal vulnerability in attachments.php in osTicket allows remote malicious users to read arbitrary files via .. sequences in the file parameter.
Osticket Osticket
6.1
CVSSv3
CVE-2020-24917
osTicket prior to 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php.
Osticket Osticket
6.1
CVSSv3
CVE-2018-7192
Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket prior to 1.10.2 allows remote malicious users to inject arbitrary web script or HTML via the "message" parameter.
Osticket Osticket
6.1
CVSSv3
CVE-2018-7193
Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket prior to 1.10.2 allows remote malicious users to inject arbitrary web script or HTML via the "order" parameter.
Osticket Osticket
4.9
CVSSv3
CVE-2018-7194
Integer format vulnerability in the ticket number generator in Enhancesoft osTicket prior to 1.10.2 allows remote malicious users to cause a denial-of-service (preventing the creation of new tickets) via a large number of digits in the ticket number format setting.
Osticket Osticket
8.1
CVSSv3
CVE-2018-7195
Enhancesoft osTicket prior to 1.10.2 allows remote malicious users to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number.
Osticket Osticket
6.1
CVSSv3
CVE-2018-7196
Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket prior to 1.10.2 allows remote malicious users to inject arbitrary web script or HTML via the "sort" parameter.
Osticket Osticket
6.1
CVSSv3
CVE-2019-11537
In osTicket prior to 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can le...
Osticket Osticket
NA
CVE-2015-1347
Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket prior to 1.9.5.1 allows remote malicious users to inject arbitrary web script or HTML via the lang parameter.
Osticket Osticket