Vulnerabilities > Enhancesoft

DATE	CVE	VULNERABILITY TITLE	RISK
2023-03-10	CVE-2023-1318	Cross-site Scripting vulnerability in Enhancesoft Osticket Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6. network low complexity enhancesoft CWE-79	5.4
2023-03-10	CVE-2023-1319	Cross-site Scripting vulnerability in Enhancesoft Osticket Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. network low complexity enhancesoft CWE-79	4.8
2023-03-10	CVE-2023-1320	Cross-site Scripting vulnerability in Enhancesoft Osticket Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. network low complexity enhancesoft CWE-79	6.1
2022-12-02	CVE-2022-4271	Cross-site Scripting vulnerability in Enhancesoft Osticket Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4. network low complexity enhancesoft CWE-79	5.4
2022-05-04	CVE-2021-42235	SQL Injection vulnerability in Enhancesoft Osticket SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality. network low complexity enhancesoft CWE-89 critical	9.8
2021-06-28	CVE-2020-22608	Cross-site Scripting vulnerability in Enhancesoft Osticket Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php. network low complexity enhancesoft CWE-79	6.1
2021-06-28	CVE-2020-22609	Cross-site Scripting vulnerability in Enhancesoft Osticket Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php. network low complexity enhancesoft CWE-79	6.1
2020-06-10	CVE-2020-14012	Cross-site Scripting vulnerability in Enhancesoft Osticket 1.14.2 scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. network low complexity enhancesoft CWE-79	5.4
2020-05-04	CVE-2020-12629	Cross-site Scripting vulnerability in Enhancesoft Osticket include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name. network low complexity enhancesoft CWE-79	5.4
2019-07-09	CVE-2019-13397	Cross-site Scripting vulnerability in Enhancesoft Osticket 1.10.1 Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via arbitrary file extension while creating a support ticket. network low complexity enhancesoft CWE-79	6.1

Vulnerabilities > Enhancesoft {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Enhancesoft"}]}

Vulnerabilities > Enhancesoft