Vulnerabilites related to osticket - osticket
Vulnerability from fkie_nvd
Published
2019-08-07 17:15
Modified
2024-11-21 04:27
Severity ?
Summary
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary field in the tickets tab. This allows other agents to download data in a .csv file format or .xls file format. This is used as input for spreadsheet applications such as Excel and OpenOffice Calc, resulting in a situation where cells in the spreadsheets can contain input from an untrusted source. As a result, the end user who is accessing the exported spreadsheet can be affected.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6B0B54-FE0E-41EB-953D-6A72FFB7B724",
"versionEndExcluding": "1.10.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4874A3A8-A938-4E25-B01A-5366E34B2A28",
"versionEndExcluding": "1.12.1",
"versionStartIncluding": "1.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary field in the tickets tab. This allows other agents to download data in a .csv file format or .xls file format. This is used as input for spreadsheet applications such as Excel and OpenOffice Calc, resulting in a situation where cells in the spreadsheets can contain input from an untrusted source. As a result, the end user who is accessing the exported spreadsheet can be affected."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en osTicket versiones anteriores a 1.10.7 y versiones 1.12.x anteriores a 1.12.1. Una inyecci\u00f3n CSV (tambi\u00e9n se conoce como Formula) se presenta en la funcionalidad export spreadsheets. Estas hojas de c\u00e1lculo se generan din\u00e1micamente a partir de la entrada de usuario no comprobada o no filtrada en los campos Name y Internal Notes de la pesta\u00f1a Users y el campo Issue Summary de la pesta\u00f1a Tickets. Esto permite a otros agentes descargar datos en formato de archivo .csv o .xls. Esto es usado como entrada para aplicaciones de hoja de c\u00e1lculo como Excel y OpenOffice Calc, lo que resulta en una situaci\u00f3n en la que las celdas de las hojas de c\u00e1lculo pueden contener entradas de una fuente no confiable. Como resultado, el usuario final que accede a la hoja de c\u00e1lculo exportada puede estar afectado."
}
],
"id": "CVE-2019-14749",
"lastModified": "2024-11-21T04:27:15.927",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-07T17:15:12.480",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154004/osTicket-1.12-Formula-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/commit/99818486c5b1d8aa445cee232825418d6834f249"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.10.7"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.12.1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/47225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154004/osTicket-1.12-Formula-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/commit/99818486c5b1d8aa445cee232825418d6834f249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.10.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.12.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/47225"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-27 17:29
Modified
2024-11-21 04:11
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c | Exploit, Technical Description, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F51E70A0-07AB-4AE3-97B9-467B762CB18C",
"versionEndIncluding": "1.10.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the \"sort\" parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en /scp/index.php en Enhancesoft osTicket, en versiones anteriores a la 1.10.2, permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el par\u00e1metro \"sort\"."
}
],
"id": "CVE-2018-7196",
"lastModified": "2024-11-21T04:11:46.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-27T17:29:00.710",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-27 17:29
Modified
2024-11-21 04:11
Severity ?
Summary
Integer format vulnerability in the ticket number generator in Enhancesoft osTicket before 1.10.2 allows remote attackers to cause a denial-of-service (preventing the creation of new tickets) via a large number of digits in the ticket number format setting.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c | Exploit, Technical Description, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F51E70A0-07AB-4AE3-97B9-467B762CB18C",
"versionEndIncluding": "1.10.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer format vulnerability in the ticket number generator in Enhancesoft osTicket before 1.10.2 allows remote attackers to cause a denial-of-service (preventing the creation of new tickets) via a large number of digits in the ticket number format setting."
},
{
"lang": "es",
"value": "Vulnerabilidad de formato de enteros en el generador de n\u00fameros de ticket en versiones anteriores a la 1.10.2 de Enhancesoft osTicket permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (evitando la creaci\u00f3n de nuevos tickets) mediante un gran n\u00famero de d\u00edgitos en los ajustes de formato de n\u00fameros de tickets."
}
],
"id": "CVE-2018-7194",
"lastModified": "2024-11-21T04:11:45.997",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-27T17:29:00.600",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-27 17:29
Modified
2024-11-21 04:11
Severity ?
Summary
Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c | Exploit, Technical Description, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F51E70A0-07AB-4AE3-97B9-467B762CB18C",
"versionEndIncluding": "1.10.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number."
},
{
"lang": "es",
"value": "Enhancesoft osTicket en versiones anteriores a la 1.10.2 permite que atacantes remotos restablezcan contrase\u00f1as arbitrarias (cuando se conoce una direcci\u00f3n de correo electr\u00f3nico asociada), aprovechando el acceso de invitado y adivinando un n\u00famero de 6 d\u00edgitos."
}
],
"id": "CVE-2018-7195",
"lastModified": "2024-11-21T04:11:46.133",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-27T17:29:00.647",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-07 17:15
Modified
2024-11-21 04:27
Severity ?
Summary
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions. For example, a non-agent user can upload a .html file, and Content-Disposition will be set to inline instead of attachment.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6B0B54-FE0E-41EB-953D-6A72FFB7B724",
"versionEndExcluding": "1.10.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4874A3A8-A938-4E25-B01A-5366E34B2A28",
"versionEndExcluding": "1.12.1",
"versionStartIncluding": "1.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions. For example, a non-agent user can upload a .html file, and Content-Disposition will be set to inline instead of attachment."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en osTicket versiones anteriores a 1.10.7 y versiones 1.12.x anteriores a 1.12.1. El formulario de creaci\u00f3n de Ticket permite a los usuarios cargar archivos en conjunto con consultas. Se encontr\u00f3 que la funcionalidad file-upload presenta menos (o ninguna) mitigaciones implementadas para las comprobaciones de contenido de archivos; adem\u00e1s, la salida no se maneja apropiadamente, causando una vulnerabilidad de tipo XSS persistente que conlleva al robo de cookies o acciones maliciosas. Por ejemplo, un usuario que no sea agente puede cargar un archivo .html y Content-Disposition ser\u00e1 ajustado a inline en lugar de attachment."
}
],
"id": "CVE-2019-14748",
"lastModified": "2024-11-21T04:27:15.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-07T17:15:12.417",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154003/osTicket-1.12-File-Upload-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/commit/33ed106b1602f559a660a69f931a9d873685d1ba"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.10.7"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.12.1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/47224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154003/osTicket-1.12-File-Upload-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/commit/33ed106b1602f559a660a69f931a9d873685d1ba"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.10.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.12.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/47224"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-16 01:29
Modified
2024-11-21 03:14
Severity ?
Summary
osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application. This affects a different tickets.php file than CVE-2015-1176.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FD9CB41-1BE8-4825-998E-9A204D5C2D35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application. This affects a different tickets.php file than CVE-2015-1176."
},
{
"lang": "es",
"value": "osTicket 1.10.1 permite la ejecuci\u00f3n de c\u00f3digo JavaScript arbitrario en el lado del cliente en v\u00edctimas que hagan clic en un enlace manipulado support/scp/tickets.php?status=, lo que tambi\u00e9n se conoce como Cross-Site Scripting (XSS). Como consecuencia, pueden tener lugar el robo de ID de sesi\u00f3n y de datos, as\u00ed como la posibilidad de que se omitan protecciones CSRF, la inyecci\u00f3n de iframes para establecer canales de comunicaci\u00f3n, etc. Esta vulnerabilidad est\u00e1 presente despu\u00e9s del inicio de sesi\u00f3n en la aplicaci\u00f3n. Esto afecta a un archivo tickets.php diferente de CVE-2015-1176."
}
],
"id": "CVE-2017-15362",
"lastModified": "2024-11-21T03:14:33.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-16T01:29:00.997",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://becomepentester.blogspot.ae/2017/10/osTicket-XSS-CVE-2017-15362.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://becomepentester.blogspot.ae/2017/10/osTicket-XSS-CVE-2017-15362.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-12-30 21:00
Modified
2024-11-21 01:21
Severity ?
Summary
Directory traversal vulnerability in osTicket 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to module.php, a different vector than CVE-2005-1439. NOTE: this issue has been disputed by a reliable third party
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "36D59B4F-19FA-4A5F-B8A0-1901433DF669",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in osTicket 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to module.php, a different vector than CVE-2005-1439. NOTE: this issue has been disputed by a reliable third party"
},
{
"lang": "es",
"value": "** CONTROVERTIDO ** Vulnerabilidad de salto de directorio en osTicket 1.6. Permite a atacantes remotos leer ficheros arbitrariamente a trav\u00e9s de .. (punto punto) en el par\u00e1emtro fichero de module.php, un vector diferente al de CVE-2005-1439. NOTA: esta vulnerabilidad ha sido discutida por un tercero de confianza."
}
],
"id": "CVE-2010-4634",
"lastModified": "2024-11-21T01:21:24.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-12-30T21:00:05.580",
"references": [
{
"source": "cve@mitre.org",
"url": "http://packetstormsecurity.org/1011-exploits/osticket-lfi.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.attrition.org/pipermail/vim/2010-November/002468.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.attrition.org/pipermail/vim/2010-November/002469.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.exploit-db.com/exploits/15471"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/44739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.org/1011-exploits/osticket-lfi.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.attrition.org/pipermail/vim/2010-November/002468.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.attrition.org/pipermail/vim/2010-November/002469.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/15471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/44739"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-01-23 15:59
Modified
2024-11-21 02:24
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*",
"matchCriteriaId": "106FC4DF-6E9B-4FB8-8635-E1B2B6D1A2A1",
"versionEndIncluding": "1.9.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en upload/scp/tickets.php en osTicket anterior a 1.9.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro status en una acci\u00f3n de b\u00fasqueda."
}
],
"id": "CVE-2015-1176",
"lastModified": "2024-11-21T02:24:49.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-01-23T15:59:11.070",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/130057/osTicket-1.9.4-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534526/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/72276"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/osTicket/osTicket-1.8/pull/1639"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/130057/osTicket-1.9.4-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534526/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/72276"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/osTicket/osTicket-1.8/pull/1639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-10-19 01:07
Modified
2024-11-21 00:19
Severity ?
Summary
PHP remote file inclusion vulnerability in open_form.php in osTicket allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C169B21F-7FA1-47F6-808F-3F428E4A031E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in open_form.php in osTicket allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inclusi\u00f3n remota del archivo en PHP open_form.php en osTicket permite a los atacantes remotos la ejecuci\u00f3n de c\u00f3digo PHP de su elecci\u00f3n mediante una URL en el par\u00e1metro include_dir."
}
],
"id": "CVE-2006-5407",
"lastModified": "2024-11-21T00:19:06.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-10-19T01:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1745"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/448687/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1745"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/448687/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29577"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-07-09 14:55
Modified
2024-11-21 02:10
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| enhancesoft | osticket | 1.8.0 | |
| enhancesoft | osticket | 1.8.0 | |
| enhancesoft | osticket | 1.8.0 | |
| enhancesoft | osticket | 1.8.0.1 | |
| enhancesoft | osticket | 1.8.0.2 | |
| enhancesoft | osticket | 1.8.0.3 | |
| enhancesoft | osticket | 1.8.0.4 | |
| enhancesoft | osticket | 1.8.1 | |
| enhancesoft | osticket | 1.8.1.1 | |
| enhancesoft | osticket | 1.8.1.2 | |
| enhancesoft | osticket | 1.8.3 | |
| enhancesoft | osticket | 1.8.4 | |
| enhancesoft | osticket | 1.9.0 | |
| osticket | osticket | * | |
| osticket | osticket | 1.0 | |
| osticket | osticket | 1.2.7 | |
| osticket | osticket | 1.3.0 | |
| osticket | osticket | 1.6 | |
| osticket | osticket | 1.6 | |
| osticket | osticket | 1.6 | |
| osticket | osticket | 1.6 | |
| osticket | osticket | 1.6 | |
| osticket | osticket | 1.6.0 | |
| osticket | osticket | 1.8.1 | |
| osticket | osticket | 1.8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:enhancesoft:osticket:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1380BD9-1950-46BF-A150-A5C7B3B122F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:enhancesoft:osticket:1.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "410E1DA8-D8DA-4925-9296-899AD7AFF1D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:enhancesoft:osticket:1.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B5872239-C3D1-46F2-9AE1-E44711FCD276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:enhancesoft:osticket:1.8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BDDA3155-5BE1-486F-8CD5-1CA152AC3BB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:enhancesoft:osticket:1.8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CA4BF6A3-23BF-4C80-B73A-1E476DA231D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:enhancesoft:osticket:1.8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "65D56D66-F8BB-4DB5-A3B1-B8CD7F2710A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:enhancesoft:osticket:1.8.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1185DBA7-AEA8-4347-8800-9926A7648525",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:enhancesoft:osticket:1.8.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "745EC140-694C-4EAF-9E27-E40FBDEE125B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:enhancesoft:osticket:1.8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BA8FFCFB-6E7E-45B7-9279-6D06C61ED934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:enhancesoft:osticket:1.8.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC9440ED-352C-49EF-80B1-97FAE6E72D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:enhancesoft:osticket:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "75828A46-0334-4ACF-A0FF-7F6EAB11E310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:enhancesoft:osticket:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB01480-8551-42B2-8BA5-129BF566485E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:enhancesoft:osticket:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E9A63F4-A62E-4E88-8AD9-E37295BABB46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8198AEB4-C788-4A4A-BCAE-1AADFADB703D",
"versionEndIncluding": "1.9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A51A1FDC-A014-4191-9318-79C21E379B4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "609F2462-A1AC-4B3A-B665-2CF2068F4DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C97D5CE-ED36-406A-B806-E2688C050CD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "61AEBDDE-5649-404E-8846-308F25503BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B9B55B2C-EFBB-4C9E-995A-79B9FB0250ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BF72CFE6-ADA8-410F-AEFF-368A7445B8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.6:rc4:*:*:*:*:*:*",
"matchCriteriaId": "406EC73F-6CE1-4CEA-A360-D806640E98DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.6:rc5:*:*:*:*:*:*",
"matchCriteriaId": "FD0296FC-16F6-4EB3-98A2-821065097263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14F3506B-A827-4D41-9C46-E47A8ED2EC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6BCABB80-47DB-43FB-B3D2-A60970CB84A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.8.1:developer_preview:*:*:*:*:*:*",
"matchCriteriaId": "498EDA83-179A-42FA-972F-8DBB89F91D01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de XSS en osTicket anterior a 1.9.2 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de los par\u00e1metros (1) Phone Number field en open.php o (2) Phone number field, (3) passwd1 field, (4) passwd2 field o (5) do en account.php."
}
],
"id": "CVE-2014-4744",
"lastModified": "2024-11-21T02:10:48.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-07-09T14:55:04.343",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/59539"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/68500"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.netsparker.com/critical-xss-vulnerabilities-in-osticket/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/68500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.netsparker.com/critical-xss-vulnerabilities-in-osticket/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-07-08 15:30
Modified
2024-11-21 01:04
Severity ?
Summary
SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:*:rc4:*:*:*:*:*:*",
"matchCriteriaId": "B8BAC86E-391D-4571-99E4-54D8D2DA8C98",
"versionEndIncluding": "1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "61AEBDDE-5649-404E-8846-308F25503BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B9B55B2C-EFBB-4C9E-995A-79B9FB0250ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BF72CFE6-ADA8-410F-AEFF-368A7445B8FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en include/class.staff.php en osTicket before v1.6 RC5 permite a atacantes remotos ejecutar comandos SQL a su elecci\u00f3n a trav\u00e9s del par\u00e1metro staff username."
}
],
"id": "CVE-2009-2361",
"lastModified": "2024-11-21T01:04:41.807",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-07-08T15:30:01.217",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://osticket.com/forums/project.php?issueid=118"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35629"
},
{
"source": "cve@mitre.org",
"url": "http://www.exploit-db.com/exploits/9032"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.ngenuity.org/wordpress/2009/06/26/osticket-admin-login-blind-sql-injection/"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/55472"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/504615/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35516"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022480"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1726"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://osticket.com/forums/project.php?issueid=118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.exploit-db.com/exploits/9032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.ngenuity.org/wordpress/2009/06/26/osticket-admin-login-blind-sql-injection/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/55472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/504615/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022480"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1726"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51417"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-03 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Multiple SQL injection vulnerabilities in osTicket allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to admin.php or (2) cat parameter to view.php.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:1.x:*:*:*:*:*:*:*",
"matchCriteriaId": "46B4D3DB-8456-4429-BE21-13684B4B4C26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in osTicket allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to admin.php or (2) cat parameter to view.php."
}
],
"id": "CVE-2005-1437",
"lastModified": "2024-11-20T23:57:20.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://secunia.com/advisories/15216"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00071-05022005"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/16277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://secunia.com/advisories/15216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00071-05022005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/16277"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-27 17:29
Modified
2024-11-21 04:11
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c | Exploit, Technical Description, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F51E70A0-07AB-4AE3-97B9-467B762CB18C",
"versionEndIncluding": "1.10.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the \"order\" parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en /scp/directory.php en Enhancesoft osTicket, en versiones anteriores a la 1.10.2, permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el par\u00e1metro \"order\"."
}
],
"id": "CVE-2018-7193",
"lastModified": "2024-11-21T04:11:45.863",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-27T17:29:00.553",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-27 17:29
Modified
2024-11-21 04:11
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c | Exploit, Technical Description, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F51E70A0-07AB-4AE3-97B9-467B762CB18C",
"versionEndIncluding": "1.10.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the \"message\" parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en /ajax.php/form/help-topic en Enhancesoft osTicket, en versiones anteriores a la 1.10.2, permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el par\u00e1metro \"message\"."
}
],
"id": "CVE-2018-7192",
"lastModified": "2024-11-21T04:11:45.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-27T17:29:00.493",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-02-11 17:30
Modified
2024-11-21 01:12
Severity ?
Summary
SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:*:rc5:*:*:*:*:*:*",
"matchCriteriaId": "F55BD41E-4C3F-4ABB-ABF1-673DFA38A240",
"versionEndIncluding": "1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0CEA985-2810-4828-A6EC-60E948AAEC77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "609F2462-A1AC-4B3A-B665-2CF2068F4DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C97D5CE-ED36-406A-B806-E2688C050CD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "61AEBDDE-5649-404E-8846-308F25503BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B9B55B2C-EFBB-4C9E-995A-79B9FB0250ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BF72CFE6-ADA8-410F-AEFF-368A7445B8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.6:rc4:*:*:*:*:*:*",
"matchCriteriaId": "406EC73F-6CE1-4CEA-A360-D806640E98DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with \"Staff\" permissions, to execute arbitrary SQL commands via the input parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en scp/ajax.php en osTicket v1.6.0 Stable, permite a usuarios autenticados remotamente, con permisos de \"staff\", ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"input\"."
}
],
"id": "CVE-2010-0605",
"lastModified": "2024-11-21T01:12:33.617",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-02-11T17:30:00.877",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://osticket.com/forums/project.php?issueid=176"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-SQLi.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38515"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/11380"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/38166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://osticket.com/forums/project.php?issueid=176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-SQLi.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38515"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/11380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/38166"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-25 19:29
Modified
2024-11-21 04:21
Severity ?
Summary
In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can lead to local file inclusion.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A8E4E1F-E5EC-4DAC-B454-4B204DFED3D8",
"versionEndExcluding": "1.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can lead to local file inclusion."
},
{
"lang": "es",
"value": "En osTicket versiones anteriores a 1.12, tiene una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /upload/file.php, /upload/scp/users.php?do=import-users, y /upload/scp/ajax.php/users/import si un usuario del gestor de agentes sube un archivo.csv creado al User Importer, en el contenido del archivo puede aparecer un mensaje de error. El XSS puede conducir a la inclusi\u00f3n de archivos locales."
}
],
"id": "CVE-2019-11537",
"lastModified": "2024-11-21T04:21:17.663",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-25T19:29:01.143",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/pull/4869"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.12"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://pentest.com.tr/exploits/osTicket-v1-11-XSS-to-LFI.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46753"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46753/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/pull/4869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://pentest.com.tr/exploits/osTicket-v1-11-XSS-to-LFI.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46753"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46753/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-02-11 17:30
Modified
2024-11-21 01:12
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:*:rc5:*:*:*:*:*:*",
"matchCriteriaId": "F55BD41E-4C3F-4ABB-ABF1-673DFA38A240",
"versionEndIncluding": "1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0CEA985-2810-4828-A6EC-60E948AAEC77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "609F2462-A1AC-4B3A-B665-2CF2068F4DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C97D5CE-ED36-406A-B806-E2688C050CD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "61AEBDDE-5649-404E-8846-308F25503BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.6:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B9B55B2C-EFBB-4C9E-995A-79B9FB0250ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.6:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BF72CFE6-ADA8-410F-AEFF-368A7445B8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.6:rc4:*:*:*:*:*:*",
"matchCriteriaId": "406EC73F-6CE1-4CEA-A360-D806640E98DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en scp/ajax.php en osTicket anterior a v1.6.0 Stable, permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"f\", posiblemente relacionado con un mensaje de error generado por scp/admin.php."
}
],
"id": "CVE-2010-0606",
"lastModified": "2024-11-21T01:12:33.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-02-11T17:30:00.907",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://osticket.com/forums/project.php?issueid=176"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-ReflectedXSS.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38515"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://osticket.com/forums/project.php?issueid=176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-ReflectedXSS.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38515"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38166"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-11-02 21:15
Modified
2024-11-21 05:16
Severity ?
Summary
SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/160995/osTicket-1.14.2-Server-Side-Request-Forgery.html | Exploit, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://blackbatsec.medium.com/cve-2020-24881-server-side-request-forgery-in-osticket-eea175e147f0 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/osTicket/osTicket/commit/d98c2d096aeb8876c6ab2f88317cd371d781f14d | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/160995/osTicket-1.14.2-Server-Side-Request-Forgery.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blackbatsec.medium.com/cve-2020-24881-server-side-request-forgery-in-osticket-eea175e147f0 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/osTicket/osTicket/commit/d98c2d096aeb8876c6ab2f88317cd371d781f14d | Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*",
"matchCriteriaId": "228BD49A-F6C5-404D-9644-82F3B48F7F73",
"versionEndExcluding": "1.14.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo SSRF se presenta en osTicket versiones anteriores a 1.14.3, donde un atacante puede agregar un archivo malicioso al servidor o llevar a cabo un escaneo de puertos"
}
],
"id": "CVE-2020-24881",
"lastModified": "2024-11-21T05:16:09.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-02T21:15:26.680",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/160995/osTicket-1.14.2-Server-Side-Request-Forgery.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blackbatsec.medium.com/cve-2020-24881-server-side-request-forgery-in-osticket-eea175e147f0"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/commit/d98c2d096aeb8876c6ab2f88317cd371d781f14d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/160995/osTicket-1.14.2-Server-Side-Request-Forgery.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blackbatsec.medium.com/cve-2020-24881-server-side-request-forgery-in-osticket-eea175e147f0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/commit/d98c2d096aeb8876c6ab2f88317cd371d781f14d"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-26 12:15
Modified
2024-11-21 05:06
Severity ?
Summary
osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/osTicket/osTicket/blob/develop/include/staff/banrule.inc.php#L67 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/osTicket/osTicket/pull/5616/commits/fb570820ef1138776f929a179906e1d8089179d9 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/osTicket/osTicket/blob/develop/include/staff/banrule.inc.php#L67 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/osTicket/osTicket/pull/5616/commits/fb570820ef1138776f929a179906e1d8089179d9 | Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*",
"matchCriteriaId": "228BD49A-F6C5-404D-9644-82F3B48F7F73",
"versionEndExcluding": "1.14.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info[\u0027notes\u0027] call."
},
{
"lang": "es",
"value": "osTicket versiones anteriores a 1.14.3, permite un ataque de tipo XSS porque el archivo include/staff/banrule.inc.php presenta una llamada $info [\"notes\"] eco no comprobada"
}
],
"id": "CVE-2020-16193",
"lastModified": "2024-11-21T05:06:54.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-26T12:15:13.357",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/blob/develop/include/staff/banrule.inc.php#L67"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/pull/5616/commits/fb570820ef1138776f929a179906e1d8089179d9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/blob/develop/include/staff/banrule.inc.php#L67"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/pull/5616/commits/fb570820ef1138776f929a179906e1d8089179d9"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-03 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C169B21F-7FA1-47F6-808F-3F428E4A031E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter."
}
],
"id": "CVE-2005-1439",
"lastModified": "2024-11-20T23:57:21.157",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/15216"
},
{
"source": "cve@mitre.org",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00071-05022005"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/16279"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/15216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00071-05022005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/16279"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-13 16:15
Modified
2024-11-21 07:05
Severity ?
Summary
A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/osTicket/osTicket-plugins | Product, Third Party Advisory | |
| cve@mitre.org | https://github.com/osTicket/osTicket-plugins/commit/a7842d494889fd5533d13deb3c6a7789768795ae | Patch, Third Party Advisory | |
| cve@mitre.org | https://owasp.org/www-community/attacks/xss/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/osTicket/osTicket-plugins | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/osTicket/osTicket-plugins/commit/a7842d494889fd5533d13deb3c6a7789768795ae | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://owasp.org/www-community/attacks/xss/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA23F95F-C139-4106-B692-E5E5BE2095A4",
"versionEndExcluding": "2022-05-19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en el componente audit/class.audit.php de osTicket-plugins - Storage-FS versiones anteriores al commit a7842d494889fd5533d13deb3c6a7789768795ae, permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de un archivo SVG manipulado"
}
],
"id": "CVE-2022-32074",
"lastModified": "2024-11-21T07:05:44.407",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-13T16:15:08.900",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket-plugins"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket-plugins/commit/a7842d494889fd5533d13deb3c6a7789768795ae"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://owasp.org/www-community/attacks/xss/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket-plugins"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket-plugins/commit/a7842d494889fd5533d13deb3c6a7789768795ae"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://owasp.org/www-community/attacks/xss/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-03 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the err parameter to open_submit.php, or (6) the name and subject fields when adding a ticket.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "609F2462-A1AC-4B3A-B665-2CF2068F4DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C97D5CE-ED36-406A-B806-E2688C050CD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the err parameter to open_submit.php, or (6) the name and subject fields when adding a ticket."
}
],
"id": "CVE-2005-1436",
"lastModified": "2024-11-20T23:57:20.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://secunia.com/advisories/15216"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00071-05022005"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/16270"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/16271"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/16272"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/16273"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/16274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://secunia.com/advisories/15216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00071-05022005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/16270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/16271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/16272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/16273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/16274"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-12 21:29
Modified
2024-11-21 03:12
Severity ?
Summary
In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.osticket.com/blog/125 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osticket.com/blog/125 | Patch, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9239890B-3367-46E4-8ED2-A30E95D5191F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php."
},
{
"lang": "es",
"value": "En osTicket en versiones anteriores a la 1.10.1, es posible realizar una inyecci\u00f3n SQL mediante la construcci\u00f3n de un array utilizando corchetes al final del nombre del par\u00e1metro, tal y como demuestra el par\u00e1metro key para file.php."
}
],
"id": "CVE-2017-14396",
"lastModified": "2024-11-21T03:12:41.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-12T21:29:00.423",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.osticket.com/blog/125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.osticket.com/blog/125"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-23 08:29
Modified
2024-11-21 03:14
Severity ?
Summary
osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FD9CB41-1BE8-4825-998E-9A204D5C2D35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "osTicket 1.10.1 provides a functionality to upload \u0027html\u0027 files with associated formats. However, it does not properly validate the uploaded file\u0027s contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content."
},
{
"lang": "es",
"value": "osTicket 1.10.1 proporciona una funcionalidad para subir archivos html con formatos asociados. Sin embargo, no valida correctamente los contenidos de los archivos subidos y por lo tanto acepta cualquier tipo de archivo, como en el caso de una petici\u00c3\u00b3n tickets.php que se modifica con una extensi\u00c3\u00b3n .html cambiada a una extensi\u00c3\u00b3n .exe. Un atacante podr\u00c3\u00ada utilizar esta vulnerabilidad para subir archivos arbitrarios que contengan contenidos maliciosos a la aplicaci\u00c3\u00b3n web."
}
],
"id": "CVE-2017-15580",
"lastModified": "2024-11-21T03:14:47.797",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-23T08:29:00.713",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://0day.today/exploits/28864"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://nakedsecurity.com/cve/CVE-2017-15580/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://becomepentester.blogspot.com/2017/10/osTicket-File-Upload-Restrictions-Bypassed-CVE-2017-15580.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2017100187"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/144747/osticket1101-shell.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://www.cyber-security.ro/blog/2017/10/25/osticket-1-10-1-shell-upload/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45169/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://0day.today/exploits/28864"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://nakedsecurity.com/cve/CVE-2017-15580/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://becomepentester.blogspot.com/2017/10/osTicket-File-Upload-Restrictions-Bypassed-CVE-2017-15580.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cxsecurity.com/issue/WLB-2017100187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/144747/osticket1101-shell.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.cyber-security.ro/blog/2017/10/25/osticket-1-10-1-shell-upload/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/45169/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-01-23 15:59
Modified
2024-11-21 02:25
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket before 1.9.5.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C87CBFB-742E-4168-BE82-FBA4291F6AF0",
"versionEndIncluding": "1.9.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket before 1.9.5.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en client.inc.php en osTicket anterior a 1.9.5.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro lang."
}
],
"id": "CVE-2015-1347",
"lastModified": "2024-11-21T02:25:13.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-01-23T15:59:14.147",
"references": [
{
"source": "cve@mitre.org",
"url": "https://github.com/osTicket/osTicket-1.8/commit/b38b3ca7235002137cc9ff74b3c24a4a78c9c2d1"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/osTicket/osTicket-1.8/commit/b38b3ca7235002137cc9ff74b3c24a4a78c9c2d1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5.1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-07 17:15
Modified
2024-11-21 04:27
Severity ?
Summary
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6B0B54-FE0E-41EB-953D-6A72FFB7B724",
"versionEndExcluding": "1.10.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4874A3A8-A938-4E25-B01A-5366E34B2A28",
"versionEndExcluding": "1.12.1",
"versionStartIncluding": "1.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en osTicket versiones anteriores a 1.10.7 y versiones 1.12.x anteriores a 1.12.1. Se presenta una vulnerabilidad de tipo XSS Almacenado en el archivo setup/install.php. Se observ\u00f3 que no fue proporcionado ning\u00fan saneamiento de entrada en los campos de firstname y lastname. La inserci\u00f3n de consultas maliciosas en esos campos conlleva a la ejecuci\u00f3n de esas consultas. Esto puede conllevar a\u00fan m\u00e1s al robo de cookies u otras acciones maliciosas."
}
],
"id": "CVE-2019-14750",
"lastModified": "2024-11-21T04:27:16.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-07T17:15:12.557",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154005/osTicket-1.12-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/commit/c3ba5b78261e07a883ad8fac28c214486c854e12"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.10.7"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.12.1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/47226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/154005/osTicket-1.12-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/commit/c3ba5b78261e07a883ad8fac28c214486c854e12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.10.7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.12.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/47226"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-03 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0CEA985-2810-4828-A6EC-60E948AAEC77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter."
}
],
"id": "CVE-2005-1438",
"lastModified": "2024-11-20T23:57:21.027",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/15216"
},
{
"source": "cve@mitre.org",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00071-05022005"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/16278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/15216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00071-05022005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/16278"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-30 16:15
Modified
2024-11-21 05:16
Severity ?
Summary
osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/osTicket/osTicket/commit/518de223933eab0c5558741ce317f36958ef193d | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/osTicket/osTicket/compare/v1.14.2...v1.14.3 | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://sisl.lab.uic.edu/projects/chess/osticket-xss/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/osTicket/osTicket/commit/518de223933eab0c5558741ce317f36958ef193d | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/osTicket/osTicket/compare/v1.14.2...v1.14.3 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sisl.lab.uic.edu/projects/chess/osticket-xss/ | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*",
"matchCriteriaId": "228BD49A-F6C5-404D-9644-82F3B48F7F73",
"versionEndExcluding": "1.14.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php."
},
{
"lang": "es",
"value": "osTicket versiones anteriores a 1.14.3, permite un ataque XSS por medio de un nombre de archivo dise\u00f1ado en la funci\u00f3n DraftAjaxAPI::_uploadInlineImage() en el archivo include/ajax.draft.php"
}
],
"id": "CVE-2020-24917",
"lastModified": "2024-11-21T05:16:12.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-30T16:15:14.230",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/commit/518de223933eab0c5558741ce317f36958ef193d"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/compare/v1.14.2...v1.14.3"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://sisl.lab.uic.edu/projects/chess/osticket-xss/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/commit/518de223933eab0c5558741ce317f36958ef193d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/osTicket/osTicket/compare/v1.14.2...v1.14.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://sisl.lab.uic.edu/projects/chess/osticket-xss/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2018-7195
Vulnerability from cvelistv5
Published
2018-03-27 17:00
Modified
2024-08-05 06:24
Severity ?
EPSS score ?
Summary
Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-27T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7195",
"datePublished": "2018-03-27T17:00:00",
"dateReserved": "2018-02-17T00:00:00",
"dateUpdated": "2024-08-05T06:24:11.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-16193
Vulnerability from cvelistv5
Published
2020-08-26 12:00
Modified
2024-08-04 13:37
Severity ?
EPSS score ?
Summary
osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/osTicket/osTicket/blob/develop/include/staff/banrule.inc.php#L67 | x_refsource_MISC | |
| https://github.com/osTicket/osTicket/pull/5616/commits/fb570820ef1138776f929a179906e1d8089179d9 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/osTicket/osTicket/blob/develop/include/staff/banrule.inc.php#L67"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/osTicket/osTicket/pull/5616/commits/fb570820ef1138776f929a179906e1d8089179d9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-08-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info[\u0027notes\u0027] call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-26T12:00:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/osTicket/osTicket/blob/develop/include/staff/banrule.inc.php#L67"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/osTicket/osTicket/pull/5616/commits/fb570820ef1138776f929a179906e1d8089179d9"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-16193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info[\u0027notes\u0027] call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/osTicket/osTicket/blob/develop/include/staff/banrule.inc.php#L67",
"refsource": "MISC",
"url": "https://github.com/osTicket/osTicket/blob/develop/include/staff/banrule.inc.php#L67"
},
{
"name": "https://github.com/osTicket/osTicket/pull/5616/commits/fb570820ef1138776f929a179906e1d8089179d9",
"refsource": "CONFIRM",
"url": "https://github.com/osTicket/osTicket/pull/5616/commits/fb570820ef1138776f929a179906e1d8089179d9"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-16193",
"datePublished": "2020-08-26T12:00:17",
"dateReserved": "2020-07-31T00:00:00",
"dateUpdated": "2024-08-04T13:37:54.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-14749
Vulnerability from cvelistv5
Published
2019-08-07 16:38
Modified
2024-08-05 00:26
Severity ?
EPSS score ?
Summary
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary field in the tickets tab. This allows other agents to download data in a .csv file format or .xls file format. This is used as input for spreadsheet applications such as Excel and OpenOffice Calc, resulting in a situation where cells in the spreadsheets can contain input from an untrusted source. As a result, the end user who is accessing the exported spreadsheet can be affected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/osTicket/osTicket/releases/tag/v1.12.1 | x_refsource_MISC | |
| https://github.com/osTicket/osTicket/releases/tag/v1.10.7 | x_refsource_MISC | |
| https://github.com/osTicket/osTicket/commit/99818486c5b1d8aa445cee232825418d6834f249 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/154004/osTicket-1.12-Formula-Injection.html | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/47225 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:38.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.12.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.10.7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/osTicket/osTicket/commit/99818486c5b1d8aa445cee232825418d6834f249"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154004/osTicket-1.12-Formula-Injection.html"
},
{
"name": "47225",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/47225"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary field in the tickets tab. This allows other agents to download data in a .csv file format or .xls file format. This is used as input for spreadsheet applications such as Excel and OpenOffice Calc, resulting in a situation where cells in the spreadsheets can contain input from an untrusted source. As a result, the end user who is accessing the exported spreadsheet can be affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-13T13:37:26",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.12.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.10.7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/osTicket/osTicket/commit/99818486c5b1d8aa445cee232825418d6834f249"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154004/osTicket-1.12-Formula-Injection.html"
},
{
"name": "47225",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/47225"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary field in the tickets tab. This allows other agents to download data in a .csv file format or .xls file format. This is used as input for spreadsheet applications such as Excel and OpenOffice Calc, resulting in a situation where cells in the spreadsheets can contain input from an untrusted source. As a result, the end user who is accessing the exported spreadsheet can be affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/osTicket/osTicket/releases/tag/v1.12.1",
"refsource": "MISC",
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.12.1"
},
{
"name": "https://github.com/osTicket/osTicket/releases/tag/v1.10.7",
"refsource": "MISC",
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.10.7"
},
{
"name": "https://github.com/osTicket/osTicket/commit/99818486c5b1d8aa445cee232825418d6834f249",
"refsource": "MISC",
"url": "https://github.com/osTicket/osTicket/commit/99818486c5b1d8aa445cee232825418d6834f249"
},
{
"name": "http://packetstormsecurity.com/files/154004/osTicket-1.12-Formula-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154004/osTicket-1.12-Formula-Injection.html"
},
{
"name": "47225",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/47225"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14749",
"datePublished": "2019-08-07T16:38:45",
"dateReserved": "2019-08-07T00:00:00",
"dateUpdated": "2024-08-05T00:26:38.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-4744
Vulnerability from cvelistv5
Published
2014-07-09 14:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.netsparker.com/critical-xss-vulnerabilities-in-osticket/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/68500 | vdb-entry, x_refsource_BID | |
| https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.2 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/59539 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netsparker.com/critical-xss-vulnerabilities-in-osticket/"
},
{
"name": "68500",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68500"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.2"
},
{
"name": "59539",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59539"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-29T18:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netsparker.com/critical-xss-vulnerabilities-in-osticket/"
},
{
"name": "68500",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68500"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.2"
},
{
"name": "59539",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59539"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netsparker.com/critical-xss-vulnerabilities-in-osticket/",
"refsource": "MISC",
"url": "https://www.netsparker.com/critical-xss-vulnerabilities-in-osticket/"
},
{
"name": "68500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68500"
},
{
"name": "https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.2",
"refsource": "CONFIRM",
"url": "https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.2"
},
{
"name": "59539",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59539"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4744",
"datePublished": "2014-07-09T14:00:00",
"dateReserved": "2014-07-09T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1176
Vulnerability from cvelistv5
Published
2015-01-23 15:00
Modified
2024-08-06 04:33
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/130057/osTicket-1.9.4-Cross-Site-Scripting.html | x_refsource_MISC | |
| https://github.com/osTicket/osTicket-1.8/pull/1639 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/534526/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/72276 | vdb-entry, x_refsource_BID | |
| https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130057/osTicket-1.9.4-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/osTicket/osTicket-1.8/pull/1639"
},
{
"name": "20150122 CVE-2015-1176-xss-osticket",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534526/100/0/threaded"
},
{
"name": "72276",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72276"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130057/osTicket-1.9.4-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/osTicket/osTicket-1.8/pull/1639"
},
{
"name": "20150122 CVE-2015-1176-xss-osticket",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534526/100/0/threaded"
},
{
"name": "72276",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72276"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/130057/osTicket-1.9.4-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130057/osTicket-1.9.4-Cross-Site-Scripting.html"
},
{
"name": "https://github.com/osTicket/osTicket-1.8/pull/1639",
"refsource": "CONFIRM",
"url": "https://github.com/osTicket/osTicket-1.8/pull/1639"
},
{
"name": "20150122 CVE-2015-1176-xss-osticket",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534526/100/0/threaded"
},
{
"name": "72276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72276"
},
{
"name": "https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5",
"refsource": "CONFIRM",
"url": "https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1176",
"datePublished": "2015-01-23T15:00:00",
"dateReserved": "2015-01-17T00:00:00",
"dateUpdated": "2024-08-06T04:33:20.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1437
Vulnerability from cvelistv5
Published
2005-05-03 04:00
Modified
2024-08-07 21:51
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in osTicket allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to admin.php or (2) cat parameter to view.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.gulftech.org/?node=research&article_id=00071-05022005 | x_refsource_MISC | |
| http://www.osvdb.org/16277 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/15216 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:49.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00071-05022005"
},
{
"name": "16277",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/16277"
},
{
"name": "15216",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15216"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in osTicket allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to admin.php or (2) cat parameter to view.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-12T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00071-05022005"
},
{
"name": "16277",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/16277"
},
{
"name": "15216",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15216"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in osTicket allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to admin.php or (2) cat parameter to view.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00071-05022005",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00071-05022005"
},
{
"name": "16277",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16277"
},
{
"name": "15216",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15216"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1437",
"datePublished": "2005-05-03T04:00:00",
"dateReserved": "2005-05-03T00:00:00",
"dateUpdated": "2024-08-07T21:51:49.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11537
Vulnerability from cvelistv5
Published
2019-04-25 18:26
Modified
2024-08-04 22:55
Severity ?
EPSS score ?
Summary
In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can lead to local file inclusion.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/46753/ | exploit, x_refsource_EXPLOIT-DB | |
| https://github.com/osTicket/osTicket/pull/4869 | x_refsource_MISC | |
| https://pentest.com.tr/exploits/osTicket-v1-11-XSS-to-LFI.html | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/46753 | x_refsource_MISC | |
| https://github.com/osTicket/osTicket/releases/tag/v1.12 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46753",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46753/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/osTicket/osTicket/pull/4869"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pentest.com.tr/exploits/osTicket-v1-11-XSS-to-LFI.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46753"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can lead to local file inclusion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-02T23:06:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46753",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46753/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/osTicket/osTicket/pull/4869"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pentest.com.tr/exploits/osTicket-v1-11-XSS-to-LFI.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/46753"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can lead to local file inclusion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46753",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46753/"
},
{
"name": "https://github.com/osTicket/osTicket/pull/4869",
"refsource": "MISC",
"url": "https://github.com/osTicket/osTicket/pull/4869"
},
{
"name": "https://pentest.com.tr/exploits/osTicket-v1-11-XSS-to-LFI.html",
"refsource": "MISC",
"url": "https://pentest.com.tr/exploits/osTicket-v1-11-XSS-to-LFI.html"
},
{
"name": "https://www.exploit-db.com/exploits/46753",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/46753"
},
{
"name": "https://github.com/osTicket/osTicket/releases/tag/v1.12",
"refsource": "MISC",
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11537",
"datePublished": "2019-04-25T18:26:59",
"dateReserved": "2019-04-25T00:00:00",
"dateUpdated": "2024-08-04T22:55:40.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7196
Vulnerability from cvelistv5
Published
2018-03-27 17:00
Modified
2024-08-05 06:24
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the \"sort\" parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-27T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the \"sort\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7196",
"datePublished": "2018-03-27T17:00:00",
"dateReserved": "2018-02-17T00:00:00",
"dateUpdated": "2024-08-05T06:24:11.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1347
Vulnerability from cvelistv5
Published
2015-01-23 15:00
Modified
2024-09-17 02:20
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket before 1.9.5.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5.1 | x_refsource_CONFIRM | |
| https://github.com/osTicket/osTicket-1.8/commit/b38b3ca7235002137cc9ff74b3c24a4a78c9c2d1 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5.1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/osTicket/osTicket-1.8/commit/b38b3ca7235002137cc9ff74b3c24a4a78c9c2d1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket before 1.9.5.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-01-23T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5.1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/osTicket/osTicket-1.8/commit/b38b3ca7235002137cc9ff74b3c24a4a78c9c2d1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket before 1.9.5.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5.1",
"refsource": "CONFIRM",
"url": "https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.5.1"
},
{
"name": "https://github.com/osTicket/osTicket-1.8/commit/b38b3ca7235002137cc9ff74b3c24a4a78c9c2d1",
"refsource": "CONFIRM",
"url": "https://github.com/osTicket/osTicket-1.8/commit/b38b3ca7235002137cc9ff74b3c24a4a78c9c2d1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1347",
"datePublished": "2015-01-23T15:00:00Z",
"dateReserved": "2015-01-23T00:00:00Z",
"dateUpdated": "2024-09-17T02:20:46.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-32074
Vulnerability from cvelistv5
Published
2022-07-13 15:35
Modified
2024-08-03 07:32
Severity ?
EPSS score ?
Summary
A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://owasp.org/www-community/attacks/xss/ | x_refsource_MISC | |
| https://github.com/osTicket/osTicket-plugins | x_refsource_MISC | |
| https://github.com/osTicket/osTicket-plugins/commit/a7842d494889fd5533d13deb3c6a7789768795ae | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:32:55.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://owasp.org/www-community/attacks/xss/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/osTicket/osTicket-plugins"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/osTicket/osTicket-plugins/commit/a7842d494889fd5533d13deb3c6a7789768795ae"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-13T15:35:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://owasp.org/www-community/attacks/xss/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/osTicket/osTicket-plugins"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/osTicket/osTicket-plugins/commit/a7842d494889fd5533d13deb3c6a7789768795ae"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://owasp.org/www-community/attacks/xss/",
"refsource": "MISC",
"url": "https://owasp.org/www-community/attacks/xss/"
},
{
"name": "https://github.com/osTicket/osTicket-plugins",
"refsource": "MISC",
"url": "https://github.com/osTicket/osTicket-plugins"
},
{
"name": "https://github.com/osTicket/osTicket-plugins/commit/a7842d494889fd5533d13deb3c6a7789768795ae",
"refsource": "MISC",
"url": "https://github.com/osTicket/osTicket-plugins/commit/a7842d494889fd5533d13deb3c6a7789768795ae"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32074",
"datePublished": "2022-07-13T15:35:28",
"dateReserved": "2022-05-31T00:00:00",
"dateUpdated": "2024-08-03T07:32:55.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0605
Vulnerability from cvelistv5
Published
2010-02-11 17:00
Modified
2024-08-07 00:52
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.exploit-db.com/exploits/11380 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/bid/38166 | vdb-entry, x_refsource_BID | |
| http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-SQLi.pdf | x_refsource_MISC | |
| http://osticket.com/forums/project.php?issueid=176 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/38515 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:52:19.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11380",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/11380"
},
{
"name": "38166",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38166"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-SQLi.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://osticket.com/forums/project.php?issueid=176"
},
{
"name": "38515",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38515"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with \"Staff\" permissions, to execute arbitrary SQL commands via the input parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-17T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11380",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/11380"
},
{
"name": "38166",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38166"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-SQLi.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://osticket.com/forums/project.php?issueid=176"
},
{
"name": "38515",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38515"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with \"Staff\" permissions, to execute arbitrary SQL commands via the input parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11380",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/11380"
},
{
"name": "38166",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38166"
},
{
"name": "http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-SQLi.pdf",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-SQLi.pdf"
},
{
"name": "http://osticket.com/forums/project.php?issueid=176",
"refsource": "CONFIRM",
"url": "http://osticket.com/forums/project.php?issueid=176"
},
{
"name": "38515",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38515"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0605",
"datePublished": "2010-02-11T17:00:00",
"dateReserved": "2010-02-11T00:00:00",
"dateUpdated": "2024-08-07T00:52:19.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-24917
Vulnerability from cvelistv5
Published
2020-08-30 15:45
Modified
2024-08-04 15:26
Severity ?
EPSS score ?
Summary
osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/osTicket/osTicket/commit/518de223933eab0c5558741ce317f36958ef193d | x_refsource_MISC | |
| https://github.com/osTicket/osTicket/compare/v1.14.2...v1.14.3 | x_refsource_MISC | |
| https://sisl.lab.uic.edu/projects/chess/osticket-xss/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:07.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/osTicket/osTicket/commit/518de223933eab0c5558741ce317f36958ef193d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/osTicket/osTicket/compare/v1.14.2...v1.14.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sisl.lab.uic.edu/projects/chess/osticket-xss/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-31T03:01:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/osTicket/osTicket/commit/518de223933eab0c5558741ce317f36958ef193d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/osTicket/osTicket/compare/v1.14.2...v1.14.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sisl.lab.uic.edu/projects/chess/osticket-xss/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/osTicket/osTicket/commit/518de223933eab0c5558741ce317f36958ef193d",
"refsource": "MISC",
"url": "https://github.com/osTicket/osTicket/commit/518de223933eab0c5558741ce317f36958ef193d"
},
{
"name": "https://github.com/osTicket/osTicket/compare/v1.14.2...v1.14.3",
"refsource": "MISC",
"url": "https://github.com/osTicket/osTicket/compare/v1.14.2...v1.14.3"
},
{
"name": "https://sisl.lab.uic.edu/projects/chess/osticket-xss/",
"refsource": "MISC",
"url": "https://sisl.lab.uic.edu/projects/chess/osticket-xss/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24917",
"datePublished": "2020-08-30T15:45:41",
"dateReserved": "2020-08-28T00:00:00",
"dateUpdated": "2024-08-04T15:26:07.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7192
Vulnerability from cvelistv5
Published
2018-03-27 17:00
Modified
2024-08-05 06:24
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:10.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the \"message\" parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-27T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the \"message\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7192",
"datePublished": "2018-03-27T17:00:00",
"dateReserved": "2018-02-17T00:00:00",
"dateUpdated": "2024-08-05T06:24:10.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-4634
Vulnerability from cvelistv5
Published
2010-12-30 20:00
Modified
2024-09-17 03:34
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in osTicket 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to module.php, a different vector than CVE-2005-1439. NOTE: this issue has been disputed by a reliable third party
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.org/1011-exploits/osticket-lfi.txt | x_refsource_MISC | |
| http://www.attrition.org/pipermail/vim/2010-November/002468.html | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/44739 | vdb-entry, x_refsource_BID | |
| http://www.attrition.org/pipermail/vim/2010-November/002469.html | mailing-list, x_refsource_MLIST | |
| http://www.exploit-db.com/exploits/15471 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:17.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1011-exploits/osticket-lfi.txt"
},
{
"name": "[VIM] 20101109 osTicket 1.6 - Local File Inclusion",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2010-November/002468.html"
},
{
"name": "44739",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/44739"
},
{
"name": "[VIM] 20101109 osTicket 1.6 - Local File Inclusion",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.attrition.org/pipermail/vim/2010-November/002469.html"
},
{
"name": "15471",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15471"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in osTicket 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to module.php, a different vector than CVE-2005-1439. NOTE: this issue has been disputed by a reliable third party"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-12-30T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1011-exploits/osticket-lfi.txt"
},
{
"name": "[VIM] 20101109 osTicket 1.6 - Local File Inclusion",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.attrition.org/pipermail/vim/2010-November/002468.html"
},
{
"name": "44739",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/44739"
},
{
"name": "[VIM] 20101109 osTicket 1.6 - Local File Inclusion",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.attrition.org/pipermail/vim/2010-November/002469.html"
},
{
"name": "15471",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15471"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Directory traversal vulnerability in osTicket 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to module.php, a different vector than CVE-2005-1439. NOTE: this issue has been disputed by a reliable third party."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/1011-exploits/osticket-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1011-exploits/osticket-lfi.txt"
},
{
"name": "[VIM] 20101109 osTicket 1.6 - Local File Inclusion",
"refsource": "MLIST",
"url": "http://www.attrition.org/pipermail/vim/2010-November/002468.html"
},
{
"name": "44739",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44739"
},
{
"name": "[VIM] 20101109 osTicket 1.6 - Local File Inclusion",
"refsource": "MLIST",
"url": "http://www.attrition.org/pipermail/vim/2010-November/002469.html"
},
{
"name": "15471",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15471"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4634",
"datePublished": "2010-12-30T20:00:00Z",
"dateReserved": "2010-12-30T00:00:00Z",
"dateUpdated": "2024-09-17T03:34:02.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0606
Vulnerability from cvelistv5
Published
2010-02-11 17:00
Modified
2024-09-16 18:55
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/38166 | vdb-entry, x_refsource_BID | |
| http://osticket.com/forums/project.php?issueid=176 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/38515 | third-party-advisory, x_refsource_SECUNIA | |
| http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-ReflectedXSS.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:52:19.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38166",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38166"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://osticket.com/forums/project.php?issueid=176"
},
{
"name": "38515",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38515"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-ReflectedXSS.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-02-11T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38166",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38166"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://osticket.com/forums/project.php?issueid=176"
},
{
"name": "38515",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38515"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-ReflectedXSS.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38166",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38166"
},
{
"name": "http://osticket.com/forums/project.php?issueid=176",
"refsource": "CONFIRM",
"url": "http://osticket.com/forums/project.php?issueid=176"
},
{
"name": "38515",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38515"
},
{
"name": "http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-ReflectedXSS.pdf",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-ReflectedXSS.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0606",
"datePublished": "2010-02-11T17:00:00Z",
"dateReserved": "2010-02-11T00:00:00Z",
"dateUpdated": "2024-09-16T18:55:15.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1436
Vulnerability from cvelistv5
Published
2005-05-03 04:00
Modified
2024-08-07 21:51
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the err parameter to open_submit.php, or (6) the name and subject fields when adding a ticket.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/16274 | vdb-entry, x_refsource_OSVDB | |
| http://www.gulftech.org/?node=research&article_id=00071-05022005 | x_refsource_MISC | |
| http://www.osvdb.org/16271 | vdb-entry, x_refsource_OSVDB | |
| http://www.osvdb.org/16270 | vdb-entry, x_refsource_OSVDB | |
| http://www.osvdb.org/16272 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/15216 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/16273 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:49.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16274",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/16274"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00071-05022005"
},
{
"name": "16271",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/16271"
},
{
"name": "16270",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/16270"
},
{
"name": "16272",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/16272"
},
{
"name": "15216",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15216"
},
{
"name": "16273",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/16273"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the err parameter to open_submit.php, or (6) the name and subject fields when adding a ticket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-11T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16274",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/16274"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00071-05022005"
},
{
"name": "16271",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/16271"
},
{
"name": "16270",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/16270"
},
{
"name": "16272",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/16272"
},
{
"name": "15216",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15216"
},
{
"name": "16273",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/16273"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1436",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the err parameter to open_submit.php, or (6) the name and subject fields when adding a ticket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16274",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16274"
},
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00071-05022005",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00071-05022005"
},
{
"name": "16271",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16271"
},
{
"name": "16270",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16270"
},
{
"name": "16272",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16272"
},
{
"name": "15216",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15216"
},
{
"name": "16273",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16273"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1436",
"datePublished": "2005-05-03T04:00:00",
"dateReserved": "2005-05-03T00:00:00",
"dateUpdated": "2024-08-07T21:51:49.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-14750
Vulnerability from cvelistv5
Published
2019-08-07 16:38
Modified
2024-08-05 00:26
Severity ?
EPSS score ?
Summary
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/osTicket/osTicket/releases/tag/v1.12.1 | x_refsource_MISC | |
| https://github.com/osTicket/osTicket/releases/tag/v1.10.7 | x_refsource_MISC | |
| https://github.com/osTicket/osTicket/commit/c3ba5b78261e07a883ad8fac28c214486c854e12 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/154005/osTicket-1.12-Cross-Site-Scripting.html | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/47226 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:38.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.12.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.10.7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/osTicket/osTicket/commit/c3ba5b78261e07a883ad8fac28c214486c854e12"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154005/osTicket-1.12-Cross-Site-Scripting.html"
},
{
"name": "47226",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/47226"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-13T13:33:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.12.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.10.7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/osTicket/osTicket/commit/c3ba5b78261e07a883ad8fac28c214486c854e12"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154005/osTicket-1.12-Cross-Site-Scripting.html"
},
{
"name": "47226",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/47226"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/osTicket/osTicket/releases/tag/v1.12.1",
"refsource": "MISC",
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.12.1"
},
{
"name": "https://github.com/osTicket/osTicket/releases/tag/v1.10.7",
"refsource": "MISC",
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.10.7"
},
{
"name": "https://github.com/osTicket/osTicket/commit/c3ba5b78261e07a883ad8fac28c214486c854e12",
"refsource": "MISC",
"url": "https://github.com/osTicket/osTicket/commit/c3ba5b78261e07a883ad8fac28c214486c854e12"
},
{
"name": "http://packetstormsecurity.com/files/154005/osTicket-1.12-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154005/osTicket-1.12-Cross-Site-Scripting.html"
},
{
"name": "47226",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/47226"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14750",
"datePublished": "2019-08-07T16:38:35",
"dateReserved": "2019-08-07T00:00:00",
"dateUpdated": "2024-08-05T00:26:38.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1439
Vulnerability from cvelistv5
Published
2005-05-03 04:00
Modified
2024-08-07 21:51
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.gulftech.org/?node=research&article_id=00071-05022005 | x_refsource_MISC | |
| http://secunia.com/advisories/15216 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/16279 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:49.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00071-05022005"
},
{
"name": "15216",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15216"
},
{
"name": "16279",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/16279"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-11T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00071-05022005"
},
{
"name": "15216",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15216"
},
{
"name": "16279",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/16279"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00071-05022005",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00071-05022005"
},
{
"name": "15216",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15216"
},
{
"name": "16279",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16279"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1439",
"datePublished": "2005-05-03T04:00:00",
"dateReserved": "2005-05-03T00:00:00",
"dateUpdated": "2024-08-07T21:51:49.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-14748
Vulnerability from cvelistv5
Published
2019-08-07 16:38
Modified
2024-08-05 00:26
Severity ?
EPSS score ?
Summary
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions. For example, a non-agent user can upload a .html file, and Content-Disposition will be set to inline instead of attachment.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/osTicket/osTicket/commit/33ed106b1602f559a660a69f931a9d873685d1ba | x_refsource_MISC | |
| https://github.com/osTicket/osTicket/releases/tag/v1.12.1 | x_refsource_MISC | |
| https://github.com/osTicket/osTicket/releases/tag/v1.10.7 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/154003/osTicket-1.12-File-Upload-Cross-Site-Scripting.html | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/47224 | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:38.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/osTicket/osTicket/commit/33ed106b1602f559a660a69f931a9d873685d1ba"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.12.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.10.7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/154003/osTicket-1.12-File-Upload-Cross-Site-Scripting.html"
},
{
"name": "47224",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/47224"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions. For example, a non-agent user can upload a .html file, and Content-Disposition will be set to inline instead of attachment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-13T13:28:48",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/osTicket/osTicket/commit/33ed106b1602f559a660a69f931a9d873685d1ba"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.12.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.10.7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/154003/osTicket-1.12-File-Upload-Cross-Site-Scripting.html"
},
{
"name": "47224",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/47224"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions. For example, a non-agent user can upload a .html file, and Content-Disposition will be set to inline instead of attachment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/osTicket/osTicket/commit/33ed106b1602f559a660a69f931a9d873685d1ba",
"refsource": "MISC",
"url": "https://github.com/osTicket/osTicket/commit/33ed106b1602f559a660a69f931a9d873685d1ba"
},
{
"name": "https://github.com/osTicket/osTicket/releases/tag/v1.12.1",
"refsource": "MISC",
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.12.1"
},
{
"name": "https://github.com/osTicket/osTicket/releases/tag/v1.10.7",
"refsource": "MISC",
"url": "https://github.com/osTicket/osTicket/releases/tag/v1.10.7"
},
{
"name": "http://packetstormsecurity.com/files/154003/osTicket-1.12-File-Upload-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/154003/osTicket-1.12-File-Upload-Cross-Site-Scripting.html"
},
{
"name": "47224",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/47224"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14748",
"datePublished": "2019-08-07T16:38:58",
"dateReserved": "2019-08-07T00:00:00",
"dateUpdated": "2024-08-05T00:26:38.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-14396
Vulnerability from cvelistv5
Published
2017-09-12 21:00
Modified
2024-08-05 19:27
Severity ?
EPSS score ?
Summary
In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osticket.com/blog/125 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:27:40.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.osticket.com/blog/125"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-19T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.osticket.com/blog/125"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.osticket.com/blog/125",
"refsource": "CONFIRM",
"url": "http://www.osticket.com/blog/125"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-14396",
"datePublished": "2017-09-12T21:00:00",
"dateReserved": "2017-09-12T00:00:00",
"dateUpdated": "2024-08-05T19:27:40.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1438
Vulnerability from cvelistv5
Published
2005-05-03 04:00
Modified
2024-08-07 21:51
Severity ?
EPSS score ?
Summary
PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/16278 | vdb-entry, x_refsource_OSVDB | |
| http://www.gulftech.org/?node=research&article_id=00071-05022005 | x_refsource_MISC | |
| http://secunia.com/advisories/15216 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:50.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16278",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/16278"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00071-05022005"
},
{
"name": "15216",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15216"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-11T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16278",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/16278"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00071-05022005"
},
{
"name": "15216",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15216"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16278",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16278"
},
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00071-05022005",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00071-05022005"
},
{
"name": "15216",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15216"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1438",
"datePublished": "2005-05-03T04:00:00",
"dateReserved": "2005-05-03T00:00:00",
"dateUpdated": "2024-08-07T21:51:50.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7194
Vulnerability from cvelistv5
Published
2018-03-27 17:00
Modified
2024-08-05 06:24
Severity ?
EPSS score ?
Summary
Integer format vulnerability in the ticket number generator in Enhancesoft osTicket before 1.10.2 allows remote attackers to cause a denial-of-service (preventing the creation of new tickets) via a large number of digits in the ticket number format setting.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:11.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer format vulnerability in the ticket number generator in Enhancesoft osTicket before 1.10.2 allows remote attackers to cause a denial-of-service (preventing the creation of new tickets) via a large number of digits in the ticket number format setting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-27T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer format vulnerability in the ticket number generator in Enhancesoft osTicket before 1.10.2 allows remote attackers to cause a denial-of-service (preventing the creation of new tickets) via a large number of digits in the ticket number format setting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7194",
"datePublished": "2018-03-27T17:00:00",
"dateReserved": "2018-02-17T00:00:00",
"dateUpdated": "2024-08-05T06:24:11.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5407
Vulnerability from cvelistv5
Published
2006-10-19 01:00
Modified
2024-08-07 19:48
Severity ?
EPSS score ?
Summary
PHP remote file inclusion vulnerability in open_form.php in osTicket allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityreason.com/securityalert/1745 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/archive/1/448687/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/29577 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:48:30.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1745",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1745"
},
{
"name": "20061014 WDT:- osTicket File Include all V",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/448687/100/0/threaded"
},
{
"name": "osticket-openform-file-include(29577)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29577"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in open_form.php in osTicket allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1745",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1745"
},
{
"name": "20061014 WDT:- osTicket File Include all V",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/448687/100/0/threaded"
},
{
"name": "osticket-openform-file-include(29577)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29577"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in open_form.php in osTicket allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1745",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1745"
},
{
"name": "20061014 WDT:- osTicket File Include all V",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448687/100/0/threaded"
},
{
"name": "osticket-openform-file-include(29577)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29577"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5407",
"datePublished": "2006-10-19T01:00:00",
"dateReserved": "2006-10-18T00:00:00",
"dateUpdated": "2024-08-07T19:48:30.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-24881
Vulnerability from cvelistv5
Published
2020-11-02 14:42
Modified
2024-08-04 15:19
Severity ?
EPSS score ?
Summary
SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/osTicket/osTicket/commit/d98c2d096aeb8876c6ab2f88317cd371d781f14d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blackbatsec.medium.com/cve-2020-24881-server-side-request-forgery-in-osticket-eea175e147f0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/160995/osTicket-1.14.2-Server-Side-Request-Forgery.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-19T16:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/osTicket/osTicket/commit/d98c2d096aeb8876c6ab2f88317cd371d781f14d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blackbatsec.medium.com/cve-2020-24881-server-side-request-forgery-in-osticket-eea175e147f0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/160995/osTicket-1.14.2-Server-Side-Request-Forgery.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/osTicket/osTicket/commit/d98c2d096aeb8876c6ab2f88317cd371d781f14d",
"refsource": "MISC",
"url": "https://github.com/osTicket/osTicket/commit/d98c2d096aeb8876c6ab2f88317cd371d781f14d"
},
{
"name": "https://blackbatsec.medium.com/cve-2020-24881-server-side-request-forgery-in-osticket-eea175e147f0",
"refsource": "MISC",
"url": "https://blackbatsec.medium.com/cve-2020-24881-server-side-request-forgery-in-osticket-eea175e147f0"
},
{
"name": "http://packetstormsecurity.com/files/160995/osTicket-1.14.2-Server-Side-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/160995/osTicket-1.14.2-Server-Side-Request-Forgery.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24881",
"datePublished": "2020-11-02T14:42:36",
"dateReserved": "2020-08-28T00:00:00",
"dateUpdated": "2024-08-04T15:19:09.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2361
Vulnerability from cvelistv5
Published
2009-07-08 15:00
Modified
2024-08-07 05:44
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osticket.com/forums/project.php?issueid=118 | x_refsource_CONFIRM | |
| http://www.osvdb.org/55472 | vdb-entry, x_refsource_OSVDB | |
| http://www.exploit-db.com/exploits/9032 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/archive/1/504615/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.ngenuity.org/wordpress/2009/06/26/osticket-admin-login-blind-sql-injection/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/35516 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/51417 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id?1022480 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2009/1726 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/35629 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:56.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://osticket.com/forums/project.php?issueid=118"
},
{
"name": "55472",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/55472"
},
{
"name": "9032",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/9032"
},
{
"name": "20090627 osTicket v1.6 RC4 Admin Login Blind SQLi",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504615/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngenuity.org/wordpress/2009/06/26/osticket-admin-login-blind-sql-injection/"
},
{
"name": "35516",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35516"
},
{
"name": "osticket-username-sql-injection(51417)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51417"
},
{
"name": "1022480",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022480"
},
{
"name": "ADV-2009-1726",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1726"
},
{
"name": "35629",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://osticket.com/forums/project.php?issueid=118"
},
{
"name": "55472",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/55472"
},
{
"name": "9032",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/9032"
},
{
"name": "20090627 osTicket v1.6 RC4 Admin Login Blind SQLi",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504615/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngenuity.org/wordpress/2009/06/26/osticket-admin-login-blind-sql-injection/"
},
{
"name": "35516",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35516"
},
{
"name": "osticket-username-sql-injection(51417)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51417"
},
{
"name": "1022480",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022480"
},
{
"name": "ADV-2009-1726",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1726"
},
{
"name": "35629",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35629"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://osticket.com/forums/project.php?issueid=118",
"refsource": "CONFIRM",
"url": "http://osticket.com/forums/project.php?issueid=118"
},
{
"name": "55472",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55472"
},
{
"name": "9032",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9032"
},
{
"name": "20090627 osTicket v1.6 RC4 Admin Login Blind SQLi",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504615/100/0/threaded"
},
{
"name": "http://www.ngenuity.org/wordpress/2009/06/26/osticket-admin-login-blind-sql-injection/",
"refsource": "MISC",
"url": "http://www.ngenuity.org/wordpress/2009/06/26/osticket-admin-login-blind-sql-injection/"
},
{
"name": "35516",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35516"
},
{
"name": "osticket-username-sql-injection(51417)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51417"
},
{
"name": "1022480",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022480"
},
{
"name": "ADV-2009-1726",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1726"
},
{
"name": "35629",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35629"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2361",
"datePublished": "2009-07-08T15:00:00",
"dateReserved": "2009-07-08T00:00:00",
"dateUpdated": "2024-08-07T05:44:56.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-7193
Vulnerability from cvelistv5
Published
2018-03-27 17:00
Modified
2024-08-05 06:24
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:24:10.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the \"order\" parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-27T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the \"order\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7193",
"datePublished": "2018-03-27T17:00:00",
"dateReserved": "2018-02-17T00:00:00",
"dateUpdated": "2024-08-05T06:24:10.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-15580
Vulnerability from cvelistv5
Published
2017-10-23 08:00
Modified
2024-08-05 19:57
Severity ?
EPSS score ?
Summary
osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content.
References
| ▼ | URL | Tags |
|---|---|---|
| https://becomepentester.blogspot.com/2017/10/osTicket-File-Upload-Restrictions-Bypassed-CVE-2017-15580.html | x_refsource_MISC | |
| https://packetstormsecurity.com/files/144747/osticket1101-shell.txt | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/45169/ | exploit, x_refsource_EXPLOIT-DB | |
| http://0day.today/exploits/28864 | x_refsource_MISC | |
| https://cxsecurity.com/issue/WLB-2017100187 | x_refsource_MISC | |
| https://www.cyber-security.ro/blog/2017/10/25/osticket-1-10-1-shell-upload/ | x_refsource_MISC | |
| http://nakedsecurity.com/cve/CVE-2017-15580/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:27.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://becomepentester.blogspot.com/2017/10/osTicket-File-Upload-Restrictions-Bypassed-CVE-2017-15580.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/144747/osticket1101-shell.txt"
},
{
"name": "45169",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45169/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://0day.today/exploits/28864"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cxsecurity.com/issue/WLB-2017100187"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cyber-security.ro/blog/2017/10/25/osticket-1-10-1-shell-upload/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://nakedsecurity.com/cve/CVE-2017-15580/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "osTicket 1.10.1 provides a functionality to upload \u0027html\u0027 files with associated formats. However, it does not properly validate the uploaded file\u0027s contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-15T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://becomepentester.blogspot.com/2017/10/osTicket-File-Upload-Restrictions-Bypassed-CVE-2017-15580.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/144747/osticket1101-shell.txt"
},
{
"name": "45169",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45169/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://0day.today/exploits/28864"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cxsecurity.com/issue/WLB-2017100187"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cyber-security.ro/blog/2017/10/25/osticket-1-10-1-shell-upload/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://nakedsecurity.com/cve/CVE-2017-15580/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "osTicket 1.10.1 provides a functionality to upload \u0027html\u0027 files with associated formats. However, it does not properly validate the uploaded file\u0027s contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://becomepentester.blogspot.com/2017/10/osTicket-File-Upload-Restrictions-Bypassed-CVE-2017-15580.html",
"refsource": "MISC",
"url": "https://becomepentester.blogspot.com/2017/10/osTicket-File-Upload-Restrictions-Bypassed-CVE-2017-15580.html"
},
{
"name": "https://packetstormsecurity.com/files/144747/osticket1101-shell.txt",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/144747/osticket1101-shell.txt"
},
{
"name": "45169",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45169/"
},
{
"name": "http://0day.today/exploits/28864",
"refsource": "MISC",
"url": "http://0day.today/exploits/28864"
},
{
"name": "https://cxsecurity.com/issue/WLB-2017100187",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2017100187"
},
{
"name": "https://www.cyber-security.ro/blog/2017/10/25/osticket-1-10-1-shell-upload/",
"refsource": "MISC",
"url": "https://www.cyber-security.ro/blog/2017/10/25/osticket-1-10-1-shell-upload/"
},
{
"name": "http://nakedsecurity.com/cve/CVE-2017-15580/",
"refsource": "MISC",
"url": "http://nakedsecurity.com/cve/CVE-2017-15580/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15580",
"datePublished": "2017-10-23T08:00:00",
"dateReserved": "2017-10-17T00:00:00",
"dateUpdated": "2024-08-05T19:57:27.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-15362
Vulnerability from cvelistv5
Published
2017-10-16 01:00
Modified
2024-08-05 19:57
Severity ?
EPSS score ?
Summary
osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application. This affects a different tickets.php file than CVE-2015-1176.
References
| ▼ | URL | Tags |
|---|---|---|
| https://becomepentester.blogspot.ae/2017/10/osTicket-XSS-CVE-2017-15362.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:25.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://becomepentester.blogspot.ae/2017/10/osTicket-XSS-CVE-2017-15362.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application. This affects a different tickets.php file than CVE-2015-1176."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-16T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://becomepentester.blogspot.ae/2017/10/osTicket-XSS-CVE-2017-15362.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application. This affects a different tickets.php file than CVE-2015-1176."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://becomepentester.blogspot.ae/2017/10/osTicket-XSS-CVE-2017-15362.html",
"refsource": "MISC",
"url": "https://becomepentester.blogspot.ae/2017/10/osTicket-XSS-CVE-2017-15362.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15362",
"datePublished": "2017-10-16T01:00:00",
"dateReserved": "2017-10-15T00:00:00",
"dateUpdated": "2024-08-05T19:57:25.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}