Osticket - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Osticket
(Enhancesoft)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	19

Date	Id	Summary	Products	Score	Patch	Annotated
2023-03-10	CVE-2023-1318	Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6.	Osticket	5.4
2023-03-10	CVE-2023-1319	Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.	Osticket	4.8
2022-12-02	CVE-2022-4271	Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4.	Osticket	5.4
2022-05-04	CVE-2021-42235	SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality.	Osticket	9.8
2021-06-28	CVE-2020-22608	Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php.	Osticket	6.1
2021-06-28	CVE-2020-22609	Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php.	Osticket	6.1
2020-06-10	CVE-2020-14012	scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent.	Osticket	N/A
2020-05-04	CVE-2020-12629	include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name.	Osticket	N/A
2014-07-09	CVE-2014-4744	Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php.	Osticket, Osticket	N/A