Vulnerabilities > Enhancesoft > Osticket > 1.8.11

DATE CVE VULNERABILITY TITLE RISK
2023-04-05 CVE-2022-31888 Session Fixation vulnerability in Enhancesoft Osticket
Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2.
network
low complexity
enhancesoft CWE-384
8.8
2023-03-10 CVE-2023-1315 Cross-site Scripting vulnerability in Enhancesoft Osticket
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.
network
low complexity
enhancesoft CWE-79
5.4
2023-03-10 CVE-2023-1316 Unspecified vulnerability in Enhancesoft Osticket
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
network
low complexity
enhancesoft
5.4
2023-03-10 CVE-2023-1317 Unspecified vulnerability in Enhancesoft Osticket
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.
network
low complexity
enhancesoft
5.4
2023-03-10 CVE-2023-1318 Unspecified vulnerability in Enhancesoft Osticket
Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6.
network
low complexity
enhancesoft
5.4
2023-03-10 CVE-2023-1319 Unspecified vulnerability in Enhancesoft Osticket
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
network
low complexity
enhancesoft
4.8
2023-03-10 CVE-2023-1320 Unspecified vulnerability in Enhancesoft Osticket
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
network
low complexity
enhancesoft
6.1
2022-12-02 CVE-2022-4271 Cross-site Scripting vulnerability in Enhancesoft Osticket
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4.
network
low complexity
enhancesoft CWE-79
5.4
2022-05-04 CVE-2021-42235 SQL Injection vulnerability in Enhancesoft Osticket
SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality.
network
low complexity
enhancesoft CWE-89
critical
9.8
2021-06-28 CVE-2020-22608 Cross-site Scripting vulnerability in Enhancesoft Osticket
Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php.
network
low complexity
enhancesoft CWE-79
6.1