Osticket

30 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
Exploit
  • EPSS 0.27%
  • Published 27.03.2018 17:29:00
  • Last modified 21.11.2024 04:11:45

Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter.

Exploit
  • EPSS 0.53%
  • Published 27.03.2018 17:29:00
  • Last modified 21.11.2024 04:11:46

Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter.

Exploit
  • EPSS 0.35%
  • Published 27.03.2018 17:29:00
  • Last modified 21.11.2024 04:11:46

Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number.

Exploit
  • EPSS 0.57%
  • Published 27.03.2018 17:29:00
  • Last modified 21.11.2024 04:11:45

Integer format vulnerability in the ticket number generator in Enhancesoft osTicket before 1.10.2 allows remote attackers to cause a denial-of-service (preventing the creation of new tickets) via a large number of digits in the ticket number format s...

Exploit
  • EPSS 0.53%
  • Published 27.03.2018 17:29:00
  • Last modified 21.11.2024 04:11:45

Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter.

Exploit
  • EPSS 35.84%
  • Published 23.10.2017 08:29:00
  • Last modified 20.04.2025 01:37:25

osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a...

  • EPSS 0.4%
  • Published 16.10.2017 01:29:00
  • Last modified 20.04.2025 01:37:25

osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, inject...

  • EPSS 1.97%
  • Published 12.09.2017 21:29:00
  • Last modified 20.04.2025 01:37:25

In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.

  • EPSS 0.23%
  • Published 23.01.2015 15:59:14
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket before 1.9.5.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

Exploit
  • EPSS 0.31%
  • Published 23.01.2015 15:59:11
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action.