CVE-2023-1317
Published 2023-03-10
CVE-2023-1317: Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.
Priority P4 · 30 · medium · CVSS 3.1: 5.4
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 1.01% (58.9th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| enhancesoft | osticket | < 1.16.6 | 1.16.6 |
| osticket | osticket_osticket | >= unspecified < v1.16.6 | v1.16.6 |
CVSS provenance
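| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |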
No detection rules found.
Nuclei
osTicket < v1.16.6 - Cross-Site Scripting
nuclei·CVSS 5.4
CVE-2023-1317 [MEDIUM] osTicket < v1.16.6 - Cross-Site Scripting
osTicket ")'
- 'contains(header, "text/html")'
- 'status_code == 200'
condition: and
# digest: 490a00463044022030052bd51aa295ed2d6188222dc4e049f4e609d74a2592b1b4b084226a6df1240220746554da797a1604c876c3af7f36f9900cafc5c41d6e44f55d6b914d081a053f:922c64590222798bb761d5b6d8e72950
Greynoiseio
NoiseLetter January 2026
blogs_greynoiseio
Bugzilla
CVE-2023-31122 httpd: mod_macro: out-of-bounds read vulnerability
bugzilla·2023-10-20·CVSS 7.5
CVE-2023-31122 [HIGH] CVE-2023-31122 httpd: mod_macro: out-of-bounds read vulnerability
Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57.
References:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122
https://www.openwall.com/lists/oss-security/2023/10/19/4
Upstream patch:
https://svn.apache.org/viewvc?view=revision&revision=1912993
Discussion:
Created httpd tracking bugs for this issue:
Affects: fedora-all [bug 2245333]
---
This issue has been addressed in the following products:
Red Hat JBoss Core Services
Via RHSA-2024:1317 https://access.redhat.com/errata/RHSA-2024:1317
---
This issue has been addressed in the following products:
JBoss Core Services on RHEL 7
JBoss Core Services for RHEL 8
Via RHSA-