Shodan
Vulnerabilities
Vulnerable Software
Osticket:  >> Osticket  >> 1.0  Security Vulnerabilities
CVE-2018-7192
Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter.
CVSS Score
6.1
EPSS Score
0.008
Published
2018-03-27
CVE-2018-7193
Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2018-03-27
CVE-2018-7194
Integer format vulnerability in the ticket number generator in Enhancesoft osTicket before 1.10.2 allows remote attackers to cause a denial-of-service (preventing the creation of new tickets) via a large number of digits in the ticket number format setting.
CVSS Score
4.9
EPSS Score
0.006
Published
2018-03-27
CVE-2018-7195
Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number.
CVSS Score
8.1
EPSS Score
0.004
Published
2018-03-27
CVE-2018-7196
Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2018-03-27
CVE-2015-1347
Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket before 1.9.5.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVSS Score
4.3
EPSS Score
0.002
Published
2015-01-23
CVE-2015-1176
Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action.
CVSS Score
4.3
EPSS Score
0.003
Published
2015-01-23
CVE-2014-4744
Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-07-09
CVE-2006-5407
PHP remote file inclusion vulnerability in open_form.php in osTicket allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter.
CVSS Score
7.5
EPSS Score
0.007
Published
2006-10-19
CVE-2005-1439
Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter.
CVSS Score
7.5
EPSS Score
0.005
Published
2005-05-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved