Vulnerabilities > Osticket > Osticket > 1.8.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-27 | CVE-2018-7193 | Cross-site Scripting vulnerability in Osticket Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter. | 4.3 |
| 2018-03-27 | CVE-2018-7192 | Cross-site Scripting vulnerability in Osticket Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter. | 4.3 |
| 2015-01-23 | CVE-2015-1347 | Cross-site Scripting vulnerability in Osticket Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket before 1.9.5.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | 4.3 |
| 2015-01-23 | CVE-2015-1176 | Cross-site Scripting vulnerability in Osticket Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action. | 4.3 |
| 2014-07-09 | CVE-2014-4744 | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php. | 4.3 |