Vulnerabilities > Osticket
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-27 | CVE-2018-7193 | Cross-site Scripting vulnerability in Osticket: Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter. | 4.3 |
2018-03-27 | CVE-2018-7192 | Cross-site Scripting vulnerability in Osticket: Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter. | 4.3 |
2017-10-23 | CVE-2017-15580 | Unrestricted Upload of File with Dangerous Type vulnerability in Osticket 1.10.1: osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. | 7.5 |
2017-10-16 | CVE-2017-15362 | Cross-site Scripting vulnerability in Osticket 1.10.1: osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. | 4.3 |
2017-09-12 | CVE-2017-14396 | SQL Injection vulnerability in Osticket 1.10: In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php. | 7.5 |
2015-01-23 | CVE-2015-1347 | Cross-site Scripting vulnerability in Osticket: Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket before 1.9.5.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | 4.3 |
2015-01-23 | CVE-2015-1176 | Cross-site Scripting vulnerability in Osticket: Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action. | 4.3 |
2014-07-09 | CVE-2014-4744 | Cross-Site Scripting vulnerability in multiple products: Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php. | 4.3 |
2010-02-11 | CVE-2010-0606 | Cross-Site Scripting vulnerability in Osticket: Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php. | 3.5 |
2010-02-11 | CVE-2010-0605 | SQL Injection vulnerability in Osticket: SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter. | 7.5 |