Osticket: >> Osticket >> 1.6 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php.
CVSS Score
3.5
EPSS Score
0.002
Published
2010-02-11
SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter.
CVSS Score
7.5
EPSS Score
0.023
Published
2009-07-08
PHP remote file inclusion vulnerability in open_form.php in osTicket allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter.
CVSS Score
7.5
EPSS Score
0.007
Published
2006-10-19
Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter.
CVSS Score
7.5
EPSS Score
0.005
Published
2005-05-03
Page 3