Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
osticket osticket vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-1316
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
Enhancesoft Osticket
NA
CVE-2022-31888
Session Fixation vulnerability in in function login in class.auth.php in osTicket up to and including 1.16.2.
Enhancesoft Osticket
7.5
CVSSv2
CVE-2021-42235
SQL injection in osTicket prior to 1.14.8 and 1.15.4 login and password reset process allows malicious users to access the osTicket administration profile functionality.
Enhancesoft Osticket
4.3
CVSSv2
CVE-2020-22609
Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php.
Enhancesoft Osticket
1 Github repository
3.5
CVSSv2
CVE-2020-12629
include/class.sla.php in osTicket prior to 1.14.2 allows XSS via the SLA Name.
Enhancesoft Osticket
1 Github repository
4.3
CVSSv2
CVE-2020-22608
Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php.
Enhancesoft Osticket
NA
CVE-2023-27149
A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list.
Enhancesoft Osticket 1.17.2
NA
CVE-2023-27148
A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter.
Enhancesoft Osticket 1.17.2
NA
CVE-2023-30082
A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application. This can cause the website to go down or stop responding. When a long password is entered, this procedure w...
Enhancesoft Osticket 1.17.2
4.3
CVSSv2
CVE-2019-13397
Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote malicious user to gain admin privileges by injecting arbitrary web script or HTML via arbitrary file extension while creating a support ticket.
Enhancesoft Osticket 1.10.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »