Vulnerabilities > Osticket > Osticket > 1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-02-11 | CVE-2010-0606 | Cross-Site Scripting vulnerability in Osticket Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php. | 3.5 |
2010-02-11 | CVE-2010-0605 | SQL Injection vulnerability in Osticket SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter. | 7.5 |
2005-05-03 | CVE-2005-1438 | Remote Security vulnerability in Osticket 1 PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter. | 7.5 |