
CVE-2019-14750

Published: 07/08/2019 Updated: 14/08/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

An issue exists in osTicket prior to 1.10.7 and 1.12.x prior to 1.12.1. Stored XSS exists in setup/install.php. No input sanitization is applied to the firstname and lastname fields of the application, so malicious queries inserted into those fields are stored and later executed. This can further lead to cookie stealing or other malicious actions.

Vulnerable Product

osticket osticket

Exploits

# Exploit Title: osTicket-v112 Stored XSS
# Vendor Homepage: osticketcom/
# Software Link: osticketcom/download/
# Exploit Author: Aishwarya Iyer
# Contact: twittercom/aish_9524
# Website: aboutme/aish_iyer
# Category: webapps
# CVE: CVE-2019-14750

1 Description

An issue was discovered in osTicket before 110 ...