Vulnerabilities > Osticket > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-13 | CVE-2022-32074 | Cross-site Scripting vulnerability in Osticket A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file. | 5.4 |
| 2020-08-30 | CVE-2020-24917 | Cross-site Scripting vulnerability in Osticket osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php. | 6.1 |
| 2020-08-26 | CVE-2020-16193 | Cross-site Scripting vulnerability in Osticket osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call. | 5.4 |
| 2019-08-07 | CVE-2019-14750 | Cross-site Scripting vulnerability in Osticket An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. | 6.1 |
| 2019-08-07 | CVE-2019-14748 | Unrestricted Upload of File with Dangerous Type vulnerability in Osticket An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. | 5.4 |
| 2019-04-25 | CVE-2019-11537 | Cross-site Scripting vulnerability in Osticket In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. | 6.1 |
| 2018-03-27 | CVE-2018-7196 | Cross-site Scripting vulnerability in Osticket Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter. | 6.1 |
| 2018-03-27 | CVE-2018-7194 | Integer Overflow or Wraparound vulnerability in Osticket Integer format vulnerability in the ticket number generator in Enhancesoft osTicket before 1.10.2 allows remote attackers to cause a denial-of-service (preventing the creation of new tickets) via a large number of digits in the ticket number format setting. | 4.9 |
| 2018-03-27 | CVE-2018-7193 | Cross-site Scripting vulnerability in Osticket Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter. | 6.1 |
| 2018-03-27 | CVE-2018-7192 | Cross-site Scripting vulnerability in Osticket Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter. | 6.1 |