Vulnerabilities > Osticket > Osticket > 1.12
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-02 | CVE-2020-24881 | Server-Side Request Forgery (SSRF) vulnerability in Osticket: SSRF exists in osTicket before 1.14.3, where an attacker can add a malicious file to the server or perform port scanning. | 7.5 |
2020-08-30 | CVE-2020-24917 | Cross-site Scripting vulnerability in Osticket: osTicket before 1.14.3 allows XSS via a crafted filename to `DraftAjaxAPI::_uploadInlineImage()` in `include/ajax.draft.php`. | 4.3 |
2020-08-26 | CVE-2020-16193 | Cross-site Scripting vulnerability in Osticket: osTicket before 1.14.3 allows XSS because `include/staff/banrule.inc.php` has an unvalidated `echo $info['notes']` call. | 3.5 |
2019-08-07 | CVE-2019-14750 | Cross-site Scripting vulnerability in Osticket: An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. | 4.3 |
2019-08-07 | CVE-2019-14749 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Osticket: An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. | 6.8 |
2019-08-07 | CVE-2019-14748 | Cross-site Scripting vulnerability in Osticket: An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. | 3.5 |