Enhancesoft: Security Vulnerabilities
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
CVSS Score
4.5
EPSS Score
0.001
Published
2023-03-10
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.
CVSS Score
5.4
EPSS Score
0.036
Published
2023-03-10
Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6.
CVSS Score
5.4
EPSS Score
0.078
Published
2023-03-10
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
CVSS Score
4.8
EPSS Score
0.001
Published
2023-03-10
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4.
CVSS Score
8.0
EPSS Score
0.002
Published
2022-12-02
SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-05-04
Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-06-28
Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-06-28
scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-06-10
include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-05-04