EIP-2026-110401
PRE-CVEosTicket - 'tickets.php?status' Cross-Site Scripting
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-110401. PoCs published by AkaStep.
AI-analyzed exploit summary The provided text describes multiple vulnerabilities in osTicket 1.7 DPR3, including XSS, open redirection, and SQL injection, with an example XSS payload. However, it lacks executable exploit code.
Description
osTicket - 'tickets.php?status' Cross-Site Scripting
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by AkaStep · textwebappsphp
https://www.exploit-db.com/exploits/38162
The provided text describes multiple vulnerabilities in osTicket 1.7 DPR3, including XSS, open redirection, and SQL injection, with an example XSS payload. However, it lacks executable exploit code.
Classification
Writeup 90%
Attack Type
Xss | Sqli | Other
Complexity
Trivial
Reliability
Theoretical
Target:
osTicket 1.7 DPR3
No auth needed
Prerequisites:
Access to a vulnerable osTicket instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026