Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:enhancesoft:osticket:1.8.0:rc2:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-31888 |
Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2. Published: April 05, 2023; 6:15:07 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-1320 |
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. Published: March 10, 2023; 11:15:11 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-1319 |
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. Published: March 10, 2023; 11:15:10 AM -0500 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2023-1318 |
Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6. Published: March 10, 2023; 11:15:10 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-1317 |
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. Published: March 10, 2023; 11:15:10 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-1316 |
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. Published: March 10, 2023; 11:15:10 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-1315 |
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. Published: March 10, 2023; 11:15:10 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-4271 |
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4. Published: December 02, 2022; 11:15:09 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2021-42235 |
SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality. Published: May 04, 2022; 1:15:08 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2020-22609 |
Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php. Published: June 28, 2021; 3:15:07 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-22608 |
Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php. Published: June 28, 2021; 3:15:07 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2020-12629 |
include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name. Published: May 04, 2020; 9:15:13 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2014-4744 |
Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php. Published: July 09, 2014; 10:55:04 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |