Vulnerabilities > Enhancesoft > Osticket > 1.17.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-23 | CVE-2023-27148 | Cross-site Scripting vulnerability in Enhancesoft Osticket 1.17.2 A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter. | 4.8 |
2023-10-23 | CVE-2023-27149 | Cross-site Scripting vulnerability in Enhancesoft Osticket 1.17.2 A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list. | 4.8 |
2023-06-14 | CVE-2023-30082 | Improper Validation of Specified Quantity in Input vulnerability in Enhancesoft Osticket 1.17.2 A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application. | 7.5 |