CVE-2015-1347

osTicket < 1.9.5 - Cross-Site Scripting via Lang Parameter

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket before 1.9.5.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

Scores

EPSS 0.0135
EPSS Percentile 68.1%

Details

CWE
CWE-79
Status published
Products (1)
osticket/osticket < 1.9.5
Published Jan 23, 2015
Tracked Since Feb 18, 2026