Enhancesoft: >> Osticket >> 1.12.3 Security Vulnerabilities
SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-05-04
Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-06-28
Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-06-28
include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-05-04
Page 2