Vulnerabilities > Enhancesoft

DATE CVE VULNERABILITY TITLE RISK
2023-03-10 CVE-2023-1318 Cross-site Scripting vulnerability in Enhancesoft Osticket
Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6.
network
low complexity
enhancesoft CWE-79
5.4
2023-03-10 CVE-2023-1319 Cross-site Scripting vulnerability in Enhancesoft Osticket
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
network
low complexity
enhancesoft CWE-79
4.8
2023-03-10 CVE-2023-1320 Cross-site Scripting vulnerability in Enhancesoft Osticket
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
network
low complexity
enhancesoft CWE-79
6.1
2022-12-02 CVE-2022-4271 Cross-site Scripting vulnerability in Enhancesoft Osticket
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4.
network
low complexity
enhancesoft CWE-79
5.4
2022-05-04 CVE-2021-42235 SQL Injection vulnerability in Enhancesoft Osticket
SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality.
network
low complexity
enhancesoft CWE-89
critical
9.8
2021-06-28 CVE-2020-22608 Cross-site Scripting vulnerability in Enhancesoft Osticket
Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php.
network
low complexity
enhancesoft CWE-79
6.1
2021-06-28 CVE-2020-22609 Cross-site Scripting vulnerability in Enhancesoft Osticket
Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php.
network
low complexity
enhancesoft CWE-79
6.1
2020-06-10 CVE-2020-14012 Cross-site Scripting vulnerability in Enhancesoft Osticket 1.14.2
scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description.
network
low complexity
enhancesoft CWE-79
5.4
2020-05-04 CVE-2020-12629 Cross-site Scripting vulnerability in Enhancesoft Osticket
include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name.
network
low complexity
enhancesoft CWE-79
5.4
2019-07-09 CVE-2019-13397 Cross-site Scripting vulnerability in Enhancesoft Osticket 1.10.1
Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via arbitrary file extension while creating a support ticket.
network
low complexity
enhancesoft CWE-79
6.1