Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
osticket osticket vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-1317
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.
Enhancesoft Osticket
NA
CVE-2023-1318
Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6.
Enhancesoft Osticket
NA
CVE-2021-45811
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated malicious users to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
Enhancesoft Osticket
668
VMScore
CVE-2021-42235
SQL injection in osTicket prior to 1.14.8 and 1.15.4 login and password reset process allows malicious users to access the osTicket administration profile functionality.
Enhancesoft Osticket
312
VMScore
CVE-2020-12629
include/class.sla.php in osTicket prior to 1.14.2 allows XSS via the SLA Name.
Enhancesoft Osticket
1 Github repository
NA
CVE-2022-4271
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket before 1.16.4.
Enhancesoft Osticket
NA
CVE-2023-30082
A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application. This can cause the website to go down or stop responding. When a long password is entered, this procedure w...
Enhancesoft Osticket 1.17.2
312
VMScore
CVE-2020-14012
scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent.
Enhancesoft Osticket 1.14.2
NA
CVE-2023-27148
A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter.
Enhancesoft Osticket 1.17.2
NA
CVE-2023-27149
A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list.
Enhancesoft Osticket 1.17.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »