Vulnerabilities > Osticket > Osticket > 1.11

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | ATTACK COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-07-13 | CVE-2022-32074 | Cross-site Scripting vulnerability in Osticket | A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file. | network | low complexity | osticket | CWE-79 | 5.4 |
| 2020-11-02 | CVE-2020-24881 | Server-Side Request Forgery (SSRF) vulnerability in Osticket | SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning. | network | low complexity | osticket | CWE-918 | critical 9.8 |
| 2020-08-30 | CVE-2020-24917 | Cross-site Scripting vulnerability in Osticket | osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php. | network | low complexity | osticket | CWE-79 | 6.1 |
| 2020-08-26 | CVE-2020-16193 | Cross-site Scripting vulnerability in Osticket | osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call. | network | low complexity | osticket | CWE-79 | 5.4 |
| 2019-04-25 | CVE-2019-11537 | Cross-site Scripting vulnerability in Osticket | In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. | network | low complexity | osticket | CWE-79 | 6.1 |