CVE-2019-13397
https://notcve.org/view.php?id=CVE-2019-13397
09 Jul 2019 — Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via arbitrary file extension while creating a support ticket. • https://medium.com/%40sarapremashish/osticket-1-10-1-unauthenticated-stored-xss-allows-an-attacker-to-gain-admin-privileges-6a0348761a3a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-4744
https://notcve.org/view.php?id=CVE-2014-4744
09 Jul 2014 — Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php. • http://secunia.com/advisories/59539 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')