Vulnerabilities > Enhancesoft

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-23	CVE-2023-27148	Cross-site Scripting vulnerability in Enhancesoft Osticket 1.17.2 A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter. network low complexity enhancesoft CWE-79	4.8
2023-10-23	CVE-2023-27149	Cross-site Scripting vulnerability in Enhancesoft Osticket 1.17.2 A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list. network low complexity enhancesoft CWE-79	4.8
2023-09-08	CVE-2021-45811	SQL Injection vulnerability in Enhancesoft Osticket A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination. network low complexity enhancesoft CWE-89	6.5
2023-06-14	CVE-2023-30082	Improper Validation of Specified Quantity in Input vulnerability in Enhancesoft Osticket 1.17.2 A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application. network low complexity enhancesoft CWE-1284	7.5
2023-04-05	CVE-2022-31888	Session Fixation vulnerability in Enhancesoft Osticket Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2. network low complexity enhancesoft CWE-384	8.8
2023-04-05	CVE-2022-31889	Cross-site Scripting vulnerability in Enhancesoft Audit LOG Cross Site Scripting (XSS) vulnerability in audit/templates/auditlogs.tmpl.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae. network low complexity enhancesoft CWE-79	6.1
2023-04-05	CVE-2022-31890	SQL Injection vulnerability in Enhancesoft Audit LOG SQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae via the order parameter to the getOrder function. network low complexity enhancesoft CWE-89 critical	9.8
2023-03-10	CVE-2023-1315	Cross-site Scripting vulnerability in Enhancesoft Osticket Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. network low complexity enhancesoft CWE-79	5.4
2023-03-10	CVE-2023-1316	Cross-site Scripting vulnerability in Enhancesoft Osticket Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. network low complexity enhancesoft CWE-79	5.4
2023-03-10	CVE-2023-1317	Cross-site Scripting vulnerability in Enhancesoft Osticket Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. network low complexity enhancesoft CWE-79	5.4

Vulnerabilities > Enhancesoft {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Enhancesoft"}]}

Vulnerabilities > Enhancesoft