Filtered by vendor Enhancesoft
Subscribe
Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12629 | 1 Enhancesoft | 1 Osticket | 2026-06-17 | 3.5 LOW | 5.4 MEDIUM |
| include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name. | |||||
| CVE-2019-13397 | 1 Enhancesoft | 1 Osticket | 2026-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via arbitrary file extension while creating a support ticket. | |||||
| CVE-2014-4744 | 2 Enhancesoft, Osticket | 2 Osticket, Osticket | 2026-06-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php. | |||||
| CVE-2026-26895 | 1 Enhancesoft | 1 Osticket | 2026-04-07 | N/A | 5.3 MEDIUM |
| User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumerate valid usernames registered in the platform. | |||||