4.3

CVE-2014-4744

Exploit
Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
EnhancesoftOsticket Version1.8.0
EnhancesoftOsticket Version1.8.0 Updaterc1
EnhancesoftOsticket Version1.8.0 Updaterc2
EnhancesoftOsticket Version1.8.0.1
EnhancesoftOsticket Version1.8.0.2
EnhancesoftOsticket Version1.8.0.3
EnhancesoftOsticket Version1.8.0.4
EnhancesoftOsticket Version1.8.1 Updaterc1
EnhancesoftOsticket Version1.8.1.1
EnhancesoftOsticket Version1.8.1.2
EnhancesoftOsticket Version1.8.3
EnhancesoftOsticket Version1.8.4
EnhancesoftOsticket Version1.9.0
OsticketOsticket Version <= 1.9.1
OsticketOsticket Version1.0
OsticketOsticket Version1.2.7
OsticketOsticket Version1.3.0
OsticketOsticket Version1.6 Updaterc1
OsticketOsticket Version1.6 Updaterc2
OsticketOsticket Version1.6 Updaterc3
OsticketOsticket Version1.6 Updaterc4
OsticketOsticket Version1.6 Updaterc5
OsticketOsticket Version1.6.0
OsticketOsticket Version1.8.1
OsticketOsticket Version1.8.1 Updatedeveloper_preview
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.46
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.