Enhancesoft: >> Osticket >> 1.15.1 Security Vulnerabilities
Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-02-20
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
CVSS Score
6.5
EPSS Score
0.581
Published
2023-09-08
Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2.
CVSS Score
8.8
EPSS Score
0.007
Published
2023-04-05
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
CVSS Score
7.1
EPSS Score
0.004
Published
2023-03-10
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.
CVSS Score
5.4
EPSS Score
0.31
Published
2023-03-10
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
CVSS Score
4.5
EPSS Score
0.001
Published
2023-03-10
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.
CVSS Score
5.4
EPSS Score
0.036
Published
2023-03-10
Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6.
CVSS Score
5.4
EPSS Score
0.078
Published
2023-03-10
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
CVSS Score
4.8
EPSS Score
0.001
Published
2023-03-10
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4.
CVSS Score
8.0
EPSS Score
0.002
Published
2022-12-02
Page 1