Enhancesoft Osticket vulnerabilities
23 known vulnerabilities affecting enhancesoft/osticket.
Total CVEs
23
CISA KEV
0
Public exploits
5
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3MEDIUM19
Vulnerabilities
Page 2 of 2
CVE-2023-1319P4MEDIUMCVSS 4.8fixed in 1.16.62023-03-10
CVE-2023-1319 [MEDIUM] CWE-79 CVE-2023-1319: Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
nvd
CVE-2023-27148P4MEDIUMCVSS 4.8v1.17.22023-10-23
CVE-2023-27148 [MEDIUM] CWE-79 CVE-2023-27148: A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2
A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter.
nvd
CVE-2023-27149P4MEDIUMCVSS 4.8v1.17.22023-10-23
CVE-2023-27149 [MEDIUM] CWE-79 CVE-2023-27149: A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers t
A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list.
nvd
← Previous2 / 2