JediKev

20 exploits Active since Aug 2019
CVE-2019-14748 WRITEUP MEDIUM WRITEUP
osTicket <1.10.7/1.12.x<1.12.1 - Unrestricted File Upload & Stored XSS via Ticket Form
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions. For example, a non-agent user can upload a .html file, and Content-Disposition will be set to inline instead of attachment.
CVSS 5.4
CVE-2019-14749 WRITEUP HIGH WRITEUP
osTicket <1.10.7, <1.12.1 - Code Injection
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary field in the tickets tab. This allows other agents to download data in a .csv file format or .xls file format. This is used as input for spreadsheet applications such as Excel and OpenOffice Calc, resulting in a situation where cells in the spreadsheets can contain input from an untrusted source. As a result, the end user who is accessing the exported spreadsheet can be affected.
CVSS 8.8
CVE-2019-14750 WRITEUP MEDIUM WRITEUP
osTicket < 1.10.7 and 1.12.x < 1.12.1 - Stored Cross-Site Scripting in Installer Firstname/Lastname Fields
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions.
CVSS 6.1
CVE-2020-12629 WRITEUP MEDIUM WRITEUP
osTicket < 1.14.2 - Stored Cross-Site Scripting via SLA Name
include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name.
CVSS 5.4
CVE-2020-24881 WRITEUP CRITICAL WRITEUP
osTicket < 1.14.3 - Server-Side Request Forgery
SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.
CVSS 9.8
CVE-2022-32074 WRITEUP MEDIUM WRITEUP
osTicket-plugins - Storage-FS < 2022-05-19 - Stored Cross-Site Scripting via SVG File Upload
A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.
CVSS 5.4
CVE-2022-31889 WRITEUP MEDIUM WRITEUP
osTicket audit_log < 2022-04-21 - Stored Cross-Site Scripting in auditlogs.tmpl.php
Cross Site Scripting (XSS) vulnerability in audit/templates/auditlogs.tmpl.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae.
CVSS 6.1
CVE-2022-31890 WRITEUP CRITICAL WRITEUP
osTicket-plugins audit_log < 2022-04-21 - SQL Injection via order Parameter in getOrder Function
SQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae via the order parameter to the getOrder function.
CVSS 9.8
CVE-2026-22200 WRITEUP HIGH WRITEUP
Enhancesoft osTicket 1.17.0-1.17.6 and 1.18.0-1.18.2 - Unauthenticated Arbitrary File Read via Ticket PDF Export
Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficiently sanitized before being processed by the mPDF PDF generator during export. When the attacker exports the ticket to PDF, the generated PDF can embed the contents of attacker-selected files from the server filesystem as bitmap images, allowing disclosure of sensitive local files in the context of the osTicket application user. This issue is exploitable in default configurations where guests may create tickets and access ticket status, or where self-registration is enabled.
CVSS 7.5
CVE-2020-22608 WRITEUP MEDIUM WRITEUP
osTicket < 1.12.6 - Cross-Site Scripting via Queue-Name Parameter
Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php.
CVSS 6.1
CVE-2020-22609 WRITEUP MEDIUM WRITEUP
osTicket < 1.12.6 - Cross-Site Scripting via Queue-Name Parameter
Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php.
CVSS 6.1
CVE-2020-24917 WRITEUP MEDIUM WRITEUP
osTicket < 1.14.3 - Cross-Site Scripting via Crafted Filename in DraftAjaxAPI
osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php.
CVSS 6.1
CVE-2022-4271 WRITEUP MEDIUM WRITEUP
osTicket < 1.16.4 - Reflected Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4.
CVSS 5.4
CVE-2023-1315 WRITEUP MEDIUM WRITEUP
osTicket < 1.16.6 - Reflected Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.
CVSS 5.4
CVE-2023-1316 WRITEUP MEDIUM WRITEUP
osTicket < 1.16.6 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
CVSS 5.4
CVE-2023-1317 WRITEUP MEDIUM WRITEUP
osTicket < 1.16.6 - Reflected Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.
CVSS 5.4
CVE-2023-1318 WRITEUP MEDIUM WRITEUP
osTicket < 1.16.6 - Cross-Site Scripting
Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6.
CVSS 5.4
CVE-2023-1319 WRITEUP MEDIUM WRITEUP
osTicket < 1.16.6 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
CVSS 4.8
CVE-2023-1320 WRITEUP MEDIUM WRITEUP
osTicket < 1.16.6 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
CVSS 6.1
CVE-2025-45387 WRITEUP MEDIUM WRITEUP
osTicket < 1.17.6 - Broken Access Control in /scp/ajax.php
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
CVSS 5.4