Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.4
CVSSv3

CVE-2022-32074

Published: 13/07/2022 Updated: 20/07/2022
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 0

Vulnerability Summary

A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows malicious users to execute arbitrary web scripts or HTML via a crafted SVG file.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

osticket osticket

Github Repositories

https://github.com/reewardius/CVE-2022-32074

CVE-2022-32074 for osTicket | Support Ticketing System 1 Find the file listing directory, the root of the file download directoryм (file_uploads (this is an example)) 2 Load the following xssPayloadsvg and open it Example:

References

CWE-79https://github.com/osTicket/osTicket-pluginshttps://owasp.org/www-community/attacks/xss/https://github.com/osTicket/osTicket-plugins/commit/a7842d494889fd5533d13deb3c6a7789768795aehttps://nvd.nist.govhttps://github.com/reewardius/CVE-2022-32074
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camerabypassCVE-2024-3592CVE-2024-37383CVE-2024-24919CVE-2024-27822CVE-2024-36788CVE-2024-36789man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook