CVE-2020-12629

MEDIUM

osTicket < 1.14.2 - Stored Cross-Site Scripting via SLA Name

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-12629, both published by Mehmet Kelepçe (mkelepce on GitHub).

AI-analyzed exploit summary: both PoCs target osTicket 1.14.1 and demonstrate a stored (persistent) XSS. An authenticated user who can edit SLA plans (in osTicket these are managed from the Admin Panel, so an admin-level staff account is needed) submits JavaScript in the SLA 'name' field; the payload is saved with the plan and runs in the browser of any other staff user who later views it, potentially exposing that user's cookies. The defect is on the output side, in how the stored name is written back into staff pages, which is why the CVSS vector records a changed scope (S:C) and required user interaction (UI:R).

Description

include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name. The name is stored with the SLA plan and later rendered to other staff users, so this is a stored (persistent) XSS rather than a reflected one. Fixed in 1.14.2; the v1.14.1...v1.14.2 compare in the references contains the patch.
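The following is an added example, written for this page; it is not osTicket code and not taken from either PoC. It models the output-encoding defect behind this CVE and the exploit summary above: the two render functions are hypothetical stand-ins for the staff templates that print an SLA plan's name (one concatenating the stored name raw, one encoding it at output), and `html.escape(..., quote=True)` stands in for osTicket's own output encoding. It also includes an audit function an incident responder could run over SLA rows exported from the database to find a payload an attacker has already stored. The sample names are constructed, and the real fix in include/class.sla.php is not reproduced here.

```python
"""Model of CVE-2020-12629 (osTicket < 1.14.2, stored XSS via SLA name).

Added illustration, not osTicket code: the two render functions stand in for
the staff templates that print an SLA plan's name. The real vulnerable code is
in include/class.sla.php; see the v1.14.1...v1.14.2 compare for the actual fix.
"""
import html
from html.parser import HTMLParser

# Constructed sample inputs: a benign name that still contains HTML-special
# characters, and the kind of payload an admin could submit as the SLA 'name'.
BENIGN_NAME = 'Gold & Silver "priority" SLA'
XSS_NAME = '"><svg onload=alert(document.cookie)>'

# Tags the (hypothetical) template itself emits; anything else in the parsed
# output came from the stored name.
TEMPLATE_TAGS = {"td", "input"}


def render_sla_vulnerable(name: str) -> str:
    """Vulnerable pattern: the stored name is concatenated straight into HTML.

    Two sinks a typical admin page has: a text node in the SLA listing and a
    double-quoted attribute value in the edit form.
    """
    return f'<td>{name}</td><input type="text" name="name" value="{name}">'


def render_sla_fixed(name: str) -> str:
    """Hardened pattern: HTML-encode at the point of output.

    quote=True also encodes " and ', so the same encoded string is safe inside
    the attribute as well as the text node (an attribute-breakout payload like
    XSS_NAME relies on the closing quote being passed through untouched).
    """
    safe = html.escape(name, quote=True)
    return f'<td>{safe}</td><input type="text" name="name" value="{safe}">'


class _TagCollector(HTMLParser):
    """Records every start tag and every on* event-handler attribute seen."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []
        self.handlers: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers.extend(k for k, _ in attrs if k.lower().startswith("on"))


def injected_markup(rendered: str) -> tuple[list[str], list[str]]:
    """Return (foreign tags, event handlers) a browser would parse out of the
    rendered fragment, i.e. markup that did not come from the template."""
    p = _TagCollector()
    p.feed(rendered)
    p.close()
    return [t for t in p.tags if t not in TEMPLATE_TAGS], p.handlers


def audit_sla_names(rows: list[dict]) -> list[int]:
    """Incident-response check: ids of stored SLA rows whose name would be parsed
    as a tag or an event handler if printed unencoded. Feed it the SLA table
    exported from the database; here the rows are plain dicts with id/name."""
    flagged = []
    for row in rows:
        tags, handlers = injected_markup(row["name"])
        if tags or handlers:
            flagged.append(row["id"])
    return flagged


if __name__ == "__main__":
    print("vulnerable:", injected_markup(render_sla_vulnerable(XSS_NAME)))
    print("fixed:     ", injected_markup(render_sla_fixed(XSS_NAME)))
    sample_rows = [  # constructed, not real osTicket data
        {"id": 1, "name": "Default SLA"},
        {"id": 2, "name": BENIGN_NAME},
        {"id": 3, "name": XSS_NAME},
    ]
    print("flagged rows:", audit_sla_names(sample_rows))
```

The vulnerable render turns the stored name into two `svg` elements with `onload` handlers (one per sink); the encoded render yields none, and the benign name containing `&` and quotes survives encoding intact. The audit function flags only the row carrying the payload, which is the check to run on a 1.14.1 instance before and after upgrading, since patching stops the rendering but does not remove a payload that is already in the table.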

Exploits (2)

exploitdb · WORKING POC
by Mehmet Kelepçe · text · webapps · php
https://www.exploit-db.com/exploits/48413

This exploit demonstrates a persistent authenticated XSS vulnerability in osTicket 1.14.1. The vulnerability allows an attacker to inject malicious JavaScript via the 'name' parameter in the SLA plan, which executes when viewed by other users, potentially stealing cookie information.

Classification
Working PoC · 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: osTicket 1.14.1
Auth required
Prerequisites: Authenticated access to the osTicket application · Ability to modify SLA plan names
Analyzed by devstral-2 on Feb 16, 2026
nomisec · WORKING POC
by mkelepce · poc
https://github.com/mkelepce/CVE-2020-12629

This PoC demonstrates the same stored authenticated XSS in osTicket 1.14.1 via the 'name' parameter of the SLA plan update request. The exploit injects JavaScript into the SLA name field; the payload is saved and executes in the browser of any authenticated staff user who later views the plan.

Classification
Working PoC · 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: osTicket 1.14.1
Auth required
Prerequisites: Authenticated session · Access to SLA plan update functionality
Analyzed by devstral-2 on Feb 16, 2026

References (3)

Patch, Third Party Advisory (x_refsource_MISC)
https://github.com/osTicket/osTicket/compare/v1.14.1...v1.14.2
Exploit, Third Party Advisory, VDB Entry (x_refsource_EXPLOIT-DB)
https://www.exploit-db.com/exploits/48413

Scores

CVSS v3.1 base score: 5.4 (Medium)
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector: NETWORK
EPSS: 0.0150 (percentile 71.0%)

Details

CWE: CWE-79 (Improper Neutralization of Input During Web Page Generation, 'Cross-site Scripting')
Status: published
Products (1): enhancesoft/osticket < 1.14.2
Published: May 04, 2020
Tracked since: Feb 18, 2026