3 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2

CVE-2006-6733 – osTicket 1.2/1.3 Support Cards - 'view.php' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2006-6733

26 Dec 2006 — Cross-site scripting (XSS) vulnerability in support/view.php in Support Cards 1 (osTicket) allows remote attackers to inject arbitrary web script or HTML via the e parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en support/view.php de Support Cards 1 (osTicket) permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro e. • https://www.exploit-db.com/exploits/29298 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 3

CVE-2005-2153

https://notcve.org/view.php?id=CVE-2005-2153

06 Jul 2005 — SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta and earlier allows remote attackers to execute arbitrary SQL commands via the ticket variable. • http://seclists.org/lists/bugtraq/2005/Jul/0009.html •

CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 4

CVE-2005-2154 – osTicket 1.2/1.3 - 'view.php?inc' Arbitrary Local File Inclusion

https://notcve.org/view.php?id=CVE-2005-2154

06 Jul 2005 — PHP local file inclusion vulnerability in (1) view.php and (2) open.php in osTicket 1.3.1 beta and earlier allows remote attackers to include and possibly execute arbitrary local files via the inc parameter. • https://www.exploit-db.com/exploits/25926 •