Vulnerabilities > Osticket > Osticket > 1

DATE CVE VULNERABILITY TITLE RISK
2010-02-11 CVE-2010-0606 Cross-Site Scripting vulnerability in Osticket
Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php.
network
osticket CWE-79
3.5
3.5
2010-02-11 CVE-2010-0605 SQL Injection vulnerability in Osticket
SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter.
network
low complexity
osticket CWE-89
7.5
7.5
2005-05-03 CVE-2005-1438 Remote Security vulnerability in Osticket 1
PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter.
network
low complexity
osticket
7.5
7.5