Vulnerabilities > Osticket > Low

DATE CVE VULNERABILITY TITLE RISK
2020-08-26 CVE-2020-16193 Cross-site Scripting vulnerability in Osticket
osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call.
network
osticket CWE-79
3.5
3.5
2019-08-07 CVE-2019-14748 Cross-site Scripting vulnerability in Osticket
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1.
network
osticket CWE-79
3.5
3.5
2010-02-11 CVE-2010-0606 Cross-Site Scripting vulnerability in Osticket
Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php.
network
osticket CWE-79
3.5
3.5