XSS in Enhancesoft Osticket
CVE-2014-4744
Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.003 (49.2th percentile) — read the EPSS interpretation.
Affected products
- Enhancesoft Osticket — versions 1.8.0, 1.8.0.1, 1.8.0.2
- Osticket — versions 1.0, 1.2.7, 1.3.0
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (Exploit, x_refsource_MISC)
- 68500 (Exploit, vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_CONFIRM, Patch)
- 59539 (x_refsource_SECUNIA, third-party-advisory)