CVE-2019-11537

MEDIUM

osTicket <1.12 - XSS


Description

In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can lead to local file inclusion.

Exploits (1)

exploitdb WORKING POC VERIFIED
by AkkuS · text / webapps / php
https://www.exploit-db.com/exploits/46753

References (5)

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46753/
Third Party Advisory x_refsource_misc
https://github.com/osTicket/osTicket/pull/4869
Exploit, Third Party Advisory x_refsource_misc
https://pentest.com.tr/exploits/osTicket-v1-11-XSS-to-LFI.html
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/46753
Third Party Advisory x_refsource_misc
https://github.com/osTicket/osTicket/releases/tag/v1.12

Scores

CVSS v3 6.1
EPSS 0.0503
EPSS Percentile 89.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
osticket/osticket < 1.12
Published Apr 25, 2019
Tracked Since Feb 18, 2026