Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
osticket osticket vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-1320
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
Enhancesoft Osticket
NA
CVE-2021-45811
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated malicious users to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
Enhancesoft Osticket
383
VMScore
CVE-2020-22608
Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php.
Enhancesoft Osticket
383
VMScore
CVE-2020-22609
Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php.
Enhancesoft Osticket
1 Github repository
668
VMScore
CVE-2021-42235
SQL injection in osTicket prior to 1.14.8 and 1.15.4 login and password reset process allows malicious users to access the osTicket administration profile functionality.
Enhancesoft Osticket
312
VMScore
CVE-2020-12629
include/class.sla.php in osTicket prior to 1.14.2 allows XSS via the SLA Name.
Enhancesoft Osticket
1 Github repository
383
VMScore
CVE-2019-13397
Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote malicious user to gain admin privileges by injecting arbitrary web script or HTML via arbitrary file extension while creating a support ticket.
Enhancesoft Osticket 1.10.1
312
VMScore
CVE-2020-14012
scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent.
Enhancesoft Osticket 1.14.2
NA
CVE-2023-27149
A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list.
Enhancesoft Osticket 1.17.2
NA
CVE-2023-27148
A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter.
Enhancesoft Osticket 1.17.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »