Vulnerabilities
Vulnerable Software
Enhancesoft:  >> Osticket  >> 1.16.6  Security Vulnerabilities
User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumerate valid usernames registered in the platform.
CVSS Score
5.3
EPSS Score
0.003
Published
2026-04-02
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
CVSS Score
6.5
EPSS Score
0.002
Published
2025-05-05
Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket.
CVSS Score
6.1
EPSS Score
0.004
Published
2024-02-20
A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.
CVSS Score
5.4
EPSS Score
0.014
Published
2022-07-13
PHP remote file inclusion vulnerability in open_form.php in osTicket allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter.
CVSS Score
7.5
EPSS Score
0.014
Published
2006-10-19
Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter.
CVSS Score
7.5
EPSS Score
0.017
Published
2005-05-03


Contact Us

Shodan ® - All rights reserved