
CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

23 Oct 2023 — A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list. • https://www.esecforte.com/cve-2023-27149-osticket_xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

23 Oct 2023 — A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter. • https://www.esecforte.com/cve-2023-27148-osticket_xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

14 Jun 2023 — A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application. This can cause the website to go down or stop responding. When a long password is entered, this procedure will consume all available CPU and memory. • https://blog.manavparekh.com/2023/06/cve-2023-30082.html • CWE-1284: Improper Validation of Specified Quantity in Input

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

13 Jul 2022 — A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file. • https://github.com/reewardius/CVE-2022-32074 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')