
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Mar 2018 — Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter. • https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Mar 2018 — Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter. • https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.9 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Mar 2018 — Integer format vulnerability in the ticket number generator in Enhancesoft osTicket before 1.10.2 allows remote attackers to cause a denial-of-service (preventing the creation of new tickets) via a large number of digits in the ticket number format setting. • https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c • CWE-190: Integer Overflow or Wraparound

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Mar 2018 — Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number. • https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Mar 2018 — Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter. • https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Jan 2015 — Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket before 1.9.5.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. • https://github.com/osTicket/osTicket-1.8/commit/b38b3ca7235002137cc9ff74b3c24a4a78c9c2d1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 1% • CPEs: 1 • EXPL: 2

22 Jan 2015 — Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action. osTicket version 1.9.4 suffers from a cross-site scripting vulnerability. • http://packetstormsecurity.com/files/130057/osTicket-1.9.4-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 25 • EXPL: 2

09 Jul 2014 — Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php. • http://secunia.com/advisories/59539 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')