U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:enhancesoft:osticket:1.8.1:rc1:*:*:*:*:*:*
  • CPE Name Search: true
There are 13 matching records.
Displaying matches 1 through 13.
Vuln ID Summary CVSS Severity
CVE-2022-31888

Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2.

Published: April 05, 2023; 6:15:07 PM -0400 		V4.0:(not available)
 V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-1320

Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.

Published: March 10, 2023; 11:15:11 AM -0500 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-1319

Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.

Published: March 10, 2023; 11:15:10 AM -0500 		V4.0:(not available)
 V3.1: 4.8 MEDIUM
V2.0:(not available)
CVE-2023-1318

Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6.

Published: March 10, 2023; 11:15:10 AM -0500 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-1317

Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.

Published: March 10, 2023; 11:15:10 AM -0500 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-1316

Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.

Published: March 10, 2023; 11:15:10 AM -0500 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-1315

Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.

Published: March 10, 2023; 11:15:10 AM -0500 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2022-4271

Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4.

Published: December 02, 2022; 11:15:09 AM -0500 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2021-42235

SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality.

Published: May 04, 2022; 1:15:08 PM -0400 		V4.0:(not available)
 V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-22609

Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php.

Published: June 28, 2021; 3:15:07 PM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-22608

Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php.

Published: June 28, 2021; 3:15:07 PM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-12629

include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name.

Published: May 04, 2020; 9:15:13 AM -0400 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2014-4744

Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php.

Published: July 09, 2014; 10:55:04 AM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 4.3 MEDIUM