Vulnerabilities > Osticket

DATE CVE VULNERABILITY TITLE RISK
2020-11-02 CVE-2020-24881 Server-Side Request Forgery (SSRF) vulnerability in Osticket
SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.
network
low complexity
osticket CWE-918
7.5
2020-08-30 CVE-2020-24917 Cross-Site Scripting vulnerability in Osticket
osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php.
network
osticket CWE-79
4.3
2020-08-26 CVE-2020-16193 Cross-Site Scripting vulnerability in Osticket
osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call.
network
osticket CWE-79
3.5
2019-08-07 CVE-2019-14750 Cross-Site Scripting vulnerability in Osticket
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1.
network
osticket CWE-79
4.3
2019-08-07 CVE-2019-14749 Unspecified vulnerability in Osticket
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1.
network
osticket CWE-1236
6.8
2019-08-07 CVE-2019-14748 Cross-Site Scripting vulnerability in Osticket
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1.
network
osticket CWE-79
3.5
2019-04-25 CVE-2019-11537 Cross-Site Scripting vulnerability in Osticket
In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message.
network
osticket CWE-79
4.3
2018-03-27 CVE-2018-7196 Cross-Site Scripting vulnerability in Osticket
Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter.
network
osticket CWE-79
4.3
2018-03-27 CVE-2018-7195 Unspecified vulnerability in Osticket
Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number.
network
osticket
4.3
2018-03-27 CVE-2018-7194 Integer Overflow OR Wraparound vulnerability in Osticket
Integer format vulnerability in the ticket number generator in Enhancesoft osTicket before 1.10.2 allows remote attackers to cause a denial-of-service (preventing the creation of new tickets) via a large number of digits in the ticket number format setting.
network
low complexity
osticket CWE-190
4.0