Vulnerabilities > Osticket

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2018-03-27 | CVE-2018-7193 | Cross-site Scripting vulnerability in Osticket | Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter. | network; osticket CWE-79 | 4.3 |
| 2018-03-27 | CVE-2018-7192 | Cross-site Scripting vulnerability in Osticket | Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter. | network; osticket CWE-79 | 4.3 |
| 2017-10-23 | CVE-2017-15580 | Unrestricted Upload of File with Dangerous Type vulnerability in Osticket 1.10.1 | osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. | network; low complexity; osticket CWE-434 | 7.5 |
| 2017-10-16 | CVE-2017-15362 | Cross-site Scripting vulnerability in Osticket 1.10.1 | osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. | network; osticket CWE-79 | 4.3 |
| 2017-09-12 | CVE-2017-14396 | SQL Injection vulnerability in Osticket 1.10 | In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php. | network; low complexity; osticket CWE-89 | 7.5 |
| 2015-01-23 | CVE-2015-1347 | Cross-site Scripting vulnerability in Osticket | Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket before 1.9.5.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | network; osticket CWE-79 | 4.3 |
| 2015-01-23 | CVE-2015-1176 | Cross-site Scripting vulnerability in Osticket | Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action. | network; osticket CWE-79 | 4.3 |
| 2014-07-09 | CVE-2014-4744 | Cross-Site Scripting vulnerability in multiple products | Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php. | | 4.3 |
| 2010-02-11 | CVE-2010-0606 | Cross-Site Scripting vulnerability in Osticket | Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php. | network; osticket CWE-79 | 3.5 |
| 2010-02-11 | CVE-2010-0605 | SQL Injection vulnerability in Osticket | SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter. | network; low complexity; osticket CWE-89 | 7.5 |