Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
osticket osticket vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2019-14749
An issue exists in osTicket prior to 1.10.7 and 1.12.x prior to 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the...
Osticket Osticket
1 EDB exploit
4.3
CVSSv2
CVE-2019-14750
An issue exists in osTicket prior to 1.10.7 and 1.12.x prior to 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields lead...
Osticket Osticket
1 EDB exploit
3.5
CVSSv2
CVE-2020-16193
osTicket prior to 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call.
Osticket Osticket
4.3
CVSSv2
CVE-2015-1176
Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket prior to 1.9.5 allows remote malicious users to inject arbitrary web script or HTML via the status parameter in a search action.
Osticket Osticket
4.3
CVSSv2
CVE-2019-11537
In osTicket prior to 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can le...
Osticket Osticket
5
CVSSv2
CVE-2010-4634
Directory traversal vulnerability in osTicket 1.6 allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter to module.php, a different vector than CVE-2005-1439. NOTE: this issue has been disputed by a reliable third party
Osticket Osticket 1.6
6.4
CVSSv2
CVE-2004-0614
osTicket trusts a hidden form field in the submit form to limit the upload size of a document, which could allow remote malicious users to upload a file of any size.
Osticket Osticket Sts
7.5
CVSSv2
CVE-2005-1438
PHP remote file inclusion vulnerability in main.php in osTicket allows remote malicious users to execute arbitrary PHP code via the include_dir parameter.
Osticket Osticket 1
7.5
CVSSv2
CVE-2017-15580
osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extensio...
Osticket Osticket 1.10.1
1 EDB exploit
7.5
CVSSv2
CVE-2017-14396
In osTicket prior to 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.
Osticket Osticket 1.10
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »