
CVSS: 6.8 • EPSS: 7% • CPEs: 1 • EXPL: 1

08 Sep 2023 — A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination. • http://enhancesoft.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

05 Apr 2023 — Session Fixation vulnerability in function login in class.auth.php in osTicket through 1.16.2. • https://checkmarx.com/blog/securing-open-source-solutions-a-study-of-osticket-vulnerabilities • CWE-384: Session Fixation

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Mar 2023 — Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. • https://github.com/osticket/osticket/commit/ec6043935b4e30b5c0dfa544e256717182808a2e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Mar 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. • https://github.com/osticket/osticket/commit/091ddba965132d26bdbeb004fcc44bd8fd056b71 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Mar 2023 — Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. • https://github.com/osticket/osticket/commit/daee20fdd8ac926d9aee700b201ac2cb35d448ca • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Mar 2023 — Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6. • https://github.com/osticket/osticket/commit/343a2b47e164dd9090a3c9477ef273f0efa16a7d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Mar 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. • https://github.com/osticket/osticket/commit/9fb01bc12fbae06aa2c2b4d1bc9b4a08db4bb3e0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Mar 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. • https://github.com/osticket/osticket/commit/86f9693dc64ed54220ed6c10e13e824ca4f6aacf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

02 Dec 2022 — Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4. • https://github.com/osticket/osticket/commit/5213ff138c6be6144a6692376ac0803a42eca168 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

13 Jul 2022 — A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file. • https://github.com/reewardius/CVE-2022-32074 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')