NotCVE - vendor:"Enhancesoft" product:"Osticket" version:"1.14.2"

Page 2 of 14 results (0.006 seconds)

CVSS: 9.8EPSS: 94%CPEs: 1EXPL: 4

CVE-2020-24881 – osTicket 1.14.2 - SSRF

https://notcve.org/view.php?id=CVE-2020-24881

02 Nov 2020 — SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning. Una vulnerabilidad de tipo SSRF se presenta en osTicket versiones anteriores a 1.14.3, donde un atacante puede agregar un archivo malicioso al servidor o llevar a cabo un escaneo de puertos osTicket 1.14.2 suffers from a server-side request forgery vulnerability. • https://www.exploit-db.com/exploits/49441 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-24917

https://notcve.org/view.php?id=CVE-2020-24917

30 Aug 2020 — osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php. osTicket versiones anteriores a 1.14.3, permite un ataque XSS por medio de un nombre de archivo diseñado en la función DraftAjaxAPI::_uploadInlineImage() en el archivo include/ajax.draft.php • https://github.com/osTicket/osTicket/commit/518de223933eab0c5558741ce317f36958ef193d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-16193

https://notcve.org/view.php?id=CVE-2020-16193

26 Aug 2020 — osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call. osTicket versiones anteriores a 1.14.3, permite un ataque de tipo XSS porque el archivo include/staff/banrule.inc.php presenta una llamada $info ["notes"] eco no comprobada • https://github.com/osTicket/osTicket/blob/develop/include/staff/banrule.inc.php#L67 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-14012

https://notcve.org/view.php?id=CVE-2020-14012

10 Jun 2020 — scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent. El archivo scp/categories.php en osTicket versión 1.14.2, permite un ataque de tipo XSS por medio de Knowledgebase Category Name o Category Description. El atacante debe ser un Agente • https://github.com/osTicket/osTicket/issues/5514 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2