Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities found for osticket/osticket by osticket
CVE-2023-1320 (GCVE-0-2023-1320)
Vulnerability from nvd – Published: 2023-03-10 00:00 – Updated: 2025-02-27 19:00
VLAI?
Title
Cross-site Scripting (XSS) - Stored in osticket/osticket
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| osticket | osticket/osticket |
Affected:
unspecified , < v1.16.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/c2bb34ac-452d-4624-a1b9-c5b54f52f0cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/osticket/osticket/commit/86f9693dc64ed54220ed6c10e13e824ca4f6aacf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1320",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:59:19.278318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T19:00:08.276Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "osticket/osticket",
"vendor": "osticket",
"versions": [
{
"lessThan": "v1.16.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/c2bb34ac-452d-4624-a1b9-c5b54f52f0cd"
},
{
"url": "https://github.com/osticket/osticket/commit/86f9693dc64ed54220ed6c10e13e824ca4f6aacf"
}
],
"source": {
"advisory": "c2bb34ac-452d-4624-a1b9-c5b54f52f0cd",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in osticket/osticket"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1320",
"datePublished": "2023-03-10T00:00:00.000Z",
"dateReserved": "2023-03-10T00:00:00.000Z",
"dateUpdated": "2025-02-27T19:00:08.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1319 (GCVE-0-2023-1319)
Vulnerability from nvd – Published: 2023-03-10 00:00 – Updated: 2025-03-03 20:52
VLAI?
Title
Cross-site Scripting (XSS) - Stored in osticket/osticket
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| osticket | osticket/osticket |
Affected:
unspecified , < v1.16.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a822067a-d90d-4c3e-b9ef-9b2a5c2bc97f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/osticket/osticket/commit/9fb01bc12fbae06aa2c2b4d1bc9b4a08db4bb3e0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1319",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T20:52:22.643872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T20:52:35.111Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "osticket/osticket",
"vendor": "osticket",
"versions": [
{
"lessThan": "v1.16.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a822067a-d90d-4c3e-b9ef-9b2a5c2bc97f"
},
{
"url": "https://github.com/osticket/osticket/commit/9fb01bc12fbae06aa2c2b4d1bc9b4a08db4bb3e0"
}
],
"source": {
"advisory": "a822067a-d90d-4c3e-b9ef-9b2a5c2bc97f",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in osticket/osticket"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1319",
"datePublished": "2023-03-10T00:00:00.000Z",
"dateReserved": "2023-03-10T00:00:00.000Z",
"dateUpdated": "2025-03-03T20:52:35.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1318 (GCVE-0-2023-1318)
Vulnerability from nvd – Published: 2023-03-10 00:00 – Updated: 2025-02-28 14:41
VLAI?
Title
Cross-site Scripting (XSS) - Generic in osticket/osticket
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| osticket | osticket/osticket |
Affected:
unspecified , < v1.16.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e58b38e0-4897-4bb0-84e8-a7ad8efab338"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/osticket/osticket/commit/343a2b47e164dd9090a3c9477ef273f0efa16a7d"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1318",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T14:40:51.538566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T14:41:52.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "osticket/osticket",
"vendor": "osticket",
"versions": [
{
"lessThan": "v1.16.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e58b38e0-4897-4bb0-84e8-a7ad8efab338"
},
{
"url": "https://github.com/osticket/osticket/commit/343a2b47e164dd9090a3c9477ef273f0efa16a7d"
}
],
"source": {
"advisory": "e58b38e0-4897-4bb0-84e8-a7ad8efab338",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Generic in osticket/osticket"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1318",
"datePublished": "2023-03-10T00:00:00.000Z",
"dateReserved": "2023-03-10T00:00:00.000Z",
"dateUpdated": "2025-02-28T14:41:52.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1317 (GCVE-0-2023-1317)
Vulnerability from nvd – Published: 2023-03-10 00:00 – Updated: 2025-02-27 21:09
VLAI?
Title
Cross-site Scripting (XSS) - Reflected in osticket/osticket
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| osticket | osticket/osticket |
Affected:
unspecified , < v1.16.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/c3e27af2-358b-490b-9baf-e451663e4e5f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/osticket/osticket/commit/daee20fdd8ac926d9aee700b201ac2cb35d448ca"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1317",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T21:09:14.628896Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T21:09:23.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "osticket/osticket",
"vendor": "osticket",
"versions": [
{
"lessThan": "v1.16.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/c3e27af2-358b-490b-9baf-e451663e4e5f"
},
{
"url": "https://github.com/osticket/osticket/commit/daee20fdd8ac926d9aee700b201ac2cb35d448ca"
}
],
"source": {
"advisory": "c3e27af2-358b-490b-9baf-e451663e4e5f",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in osticket/osticket"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1317",
"datePublished": "2023-03-10T00:00:00.000Z",
"dateReserved": "2023-03-10T00:00:00.000Z",
"dateUpdated": "2025-02-27T21:09:23.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1316 (GCVE-0-2023-1316)
Vulnerability from nvd – Published: 2023-03-10 00:00 – Updated: 2025-03-03 20:53
VLAI?
Title
Cross-site Scripting (XSS) - Stored in osticket/osticket
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
Severity ?
4.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| osticket | osticket/osticket |
Affected:
unspecified , < v1.16.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/c6353bab-c382-47f6-937b-56d253f2e8d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/osticket/osticket/commit/091ddba965132d26bdbeb004fcc44bd8fd056b71"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1316",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T20:53:18.349623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T20:53:26.670Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "osticket/osticket",
"vendor": "osticket",
"versions": [
{
"lessThan": "v1.16.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/c6353bab-c382-47f6-937b-56d253f2e8d3"
},
{
"url": "https://github.com/osticket/osticket/commit/091ddba965132d26bdbeb004fcc44bd8fd056b71"
}
],
"source": {
"advisory": "c6353bab-c382-47f6-937b-56d253f2e8d3",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in osticket/osticket"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1316",
"datePublished": "2023-03-10T00:00:00.000Z",
"dateReserved": "2023-03-10T00:00:00.000Z",
"dateUpdated": "2025-03-03T20:53:26.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1315 (GCVE-0-2023-1315)
Vulnerability from nvd – Published: 2023-03-10 00:00 – Updated: 2025-03-03 20:57
VLAI?
Title
Cross-site Scripting (XSS) - Reflected in osticket/osticket
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| osticket | osticket/osticket |
Affected:
unspecified , < v1.16.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/70a7fd8c-7e6f-4a43-9f8c-163b8967b16e"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/osticket/osticket/commit/ec6043935b4e30b5c0dfa544e256717182808a2e"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1315",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T20:57:07.475459Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T20:57:18.083Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "osticket/osticket",
"vendor": "osticket",
"versions": [
{
"lessThan": "v1.16.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/70a7fd8c-7e6f-4a43-9f8c-163b8967b16e"
},
{
"url": "https://github.com/osticket/osticket/commit/ec6043935b4e30b5c0dfa544e256717182808a2e"
}
],
"source": {
"advisory": "70a7fd8c-7e6f-4a43-9f8c-163b8967b16e",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in osticket/osticket"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1315",
"datePublished": "2023-03-10T00:00:00.000Z",
"dateReserved": "2023-03-10T00:00:00.000Z",
"dateUpdated": "2025-03-03T20:57:18.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4271 (GCVE-0-2022-4271)
Vulnerability from nvd – Published: 2022-12-02 00:00 – Updated: 2025-04-14 17:52
VLAI?
Title
Cross-site Scripting (XSS) - Reflected in osticket/osticket
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| osticket | osticket/osticket |
Affected:
unspecified , < 1.16.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:34:49.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a11c922f-255a-412a-aa87-7f3bd7121599"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/osticket/osticket/commit/5213ff138c6be6144a6692376ac0803a42eca168"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4271",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T15:17:49.804868Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T17:52:11.935Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "osticket/osticket",
"vendor": "osticket",
"versions": [
{
"lessThan": "1.16.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-02T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a11c922f-255a-412a-aa87-7f3bd7121599"
},
{
"url": "https://github.com/osticket/osticket/commit/5213ff138c6be6144a6692376ac0803a42eca168"
}
],
"source": {
"advisory": "a11c922f-255a-412a-aa87-7f3bd7121599",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in osticket/osticket"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4271",
"datePublished": "2022-12-02T00:00:00.000Z",
"dateReserved": "2022-12-02T00:00:00.000Z",
"dateUpdated": "2025-04-14T17:52:11.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1319 (GCVE-0-2023-1319)
Vulnerability from cvelistv5 – Published: 2023-03-10 00:00 – Updated: 2025-03-03 20:52
VLAI?
Title
Cross-site Scripting (XSS) - Stored in osticket/osticket
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| osticket | osticket/osticket |
Affected:
unspecified , < v1.16.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a822067a-d90d-4c3e-b9ef-9b2a5c2bc97f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/osticket/osticket/commit/9fb01bc12fbae06aa2c2b4d1bc9b4a08db4bb3e0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1319",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T20:52:22.643872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T20:52:35.111Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "osticket/osticket",
"vendor": "osticket",
"versions": [
{
"lessThan": "v1.16.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a822067a-d90d-4c3e-b9ef-9b2a5c2bc97f"
},
{
"url": "https://github.com/osticket/osticket/commit/9fb01bc12fbae06aa2c2b4d1bc9b4a08db4bb3e0"
}
],
"source": {
"advisory": "a822067a-d90d-4c3e-b9ef-9b2a5c2bc97f",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in osticket/osticket"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1319",
"datePublished": "2023-03-10T00:00:00.000Z",
"dateReserved": "2023-03-10T00:00:00.000Z",
"dateUpdated": "2025-03-03T20:52:35.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1316 (GCVE-0-2023-1316)
Vulnerability from cvelistv5 – Published: 2023-03-10 00:00 – Updated: 2025-03-03 20:53
VLAI?
Title
Cross-site Scripting (XSS) - Stored in osticket/osticket
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
Severity ?
4.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| osticket | osticket/osticket |
Affected:
unspecified , < v1.16.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/c6353bab-c382-47f6-937b-56d253f2e8d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/osticket/osticket/commit/091ddba965132d26bdbeb004fcc44bd8fd056b71"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1316",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T20:53:18.349623Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T20:53:26.670Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "osticket/osticket",
"vendor": "osticket",
"versions": [
{
"lessThan": "v1.16.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/c6353bab-c382-47f6-937b-56d253f2e8d3"
},
{
"url": "https://github.com/osticket/osticket/commit/091ddba965132d26bdbeb004fcc44bd8fd056b71"
}
],
"source": {
"advisory": "c6353bab-c382-47f6-937b-56d253f2e8d3",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in osticket/osticket"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1316",
"datePublished": "2023-03-10T00:00:00.000Z",
"dateReserved": "2023-03-10T00:00:00.000Z",
"dateUpdated": "2025-03-03T20:53:26.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1320 (GCVE-0-2023-1320)
Vulnerability from cvelistv5 – Published: 2023-03-10 00:00 – Updated: 2025-02-27 19:00
VLAI?
Title
Cross-site Scripting (XSS) - Stored in osticket/osticket
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.
Severity ?
7.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| osticket | osticket/osticket |
Affected:
unspecified , < v1.16.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/c2bb34ac-452d-4624-a1b9-c5b54f52f0cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/osticket/osticket/commit/86f9693dc64ed54220ed6c10e13e824ca4f6aacf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1320",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T18:59:19.278318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T19:00:08.276Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "osticket/osticket",
"vendor": "osticket",
"versions": [
{
"lessThan": "v1.16.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/c2bb34ac-452d-4624-a1b9-c5b54f52f0cd"
},
{
"url": "https://github.com/osticket/osticket/commit/86f9693dc64ed54220ed6c10e13e824ca4f6aacf"
}
],
"source": {
"advisory": "c2bb34ac-452d-4624-a1b9-c5b54f52f0cd",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in osticket/osticket"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1320",
"datePublished": "2023-03-10T00:00:00.000Z",
"dateReserved": "2023-03-10T00:00:00.000Z",
"dateUpdated": "2025-02-27T19:00:08.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1315 (GCVE-0-2023-1315)
Vulnerability from cvelistv5 – Published: 2023-03-10 00:00 – Updated: 2025-03-03 20:57
VLAI?
Title
Cross-site Scripting (XSS) - Reflected in osticket/osticket
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| osticket | osticket/osticket |
Affected:
unspecified , < v1.16.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/70a7fd8c-7e6f-4a43-9f8c-163b8967b16e"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/osticket/osticket/commit/ec6043935b4e30b5c0dfa544e256717182808a2e"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1315",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T20:57:07.475459Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T20:57:18.083Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "osticket/osticket",
"vendor": "osticket",
"versions": [
{
"lessThan": "v1.16.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/70a7fd8c-7e6f-4a43-9f8c-163b8967b16e"
},
{
"url": "https://github.com/osticket/osticket/commit/ec6043935b4e30b5c0dfa544e256717182808a2e"
}
],
"source": {
"advisory": "70a7fd8c-7e6f-4a43-9f8c-163b8967b16e",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in osticket/osticket"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1315",
"datePublished": "2023-03-10T00:00:00.000Z",
"dateReserved": "2023-03-10T00:00:00.000Z",
"dateUpdated": "2025-03-03T20:57:18.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1318 (GCVE-0-2023-1318)
Vulnerability from cvelistv5 – Published: 2023-03-10 00:00 – Updated: 2025-02-28 14:41
VLAI?
Title
Cross-site Scripting (XSS) - Generic in osticket/osticket
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| osticket | osticket/osticket |
Affected:
unspecified , < v1.16.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e58b38e0-4897-4bb0-84e8-a7ad8efab338"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/osticket/osticket/commit/343a2b47e164dd9090a3c9477ef273f0efa16a7d"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1318",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T14:40:51.538566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T14:41:52.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "osticket/osticket",
"vendor": "osticket",
"versions": [
{
"lessThan": "v1.16.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e58b38e0-4897-4bb0-84e8-a7ad8efab338"
},
{
"url": "https://github.com/osticket/osticket/commit/343a2b47e164dd9090a3c9477ef273f0efa16a7d"
}
],
"source": {
"advisory": "e58b38e0-4897-4bb0-84e8-a7ad8efab338",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Generic in osticket/osticket"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1318",
"datePublished": "2023-03-10T00:00:00.000Z",
"dateReserved": "2023-03-10T00:00:00.000Z",
"dateUpdated": "2025-02-28T14:41:52.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1317 (GCVE-0-2023-1317)
Vulnerability from cvelistv5 – Published: 2023-03-10 00:00 – Updated: 2025-02-27 21:09
VLAI?
Title
Cross-site Scripting (XSS) - Reflected in osticket/osticket
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| osticket | osticket/osticket |
Affected:
unspecified , < v1.16.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:41:00.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/c3e27af2-358b-490b-9baf-e451663e4e5f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/osticket/osticket/commit/daee20fdd8ac926d9aee700b201ac2cb35d448ca"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1317",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T21:09:14.628896Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T21:09:23.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "osticket/osticket",
"vendor": "osticket",
"versions": [
{
"lessThan": "v1.16.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-10T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/c3e27af2-358b-490b-9baf-e451663e4e5f"
},
{
"url": "https://github.com/osticket/osticket/commit/daee20fdd8ac926d9aee700b201ac2cb35d448ca"
}
],
"source": {
"advisory": "c3e27af2-358b-490b-9baf-e451663e4e5f",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in osticket/osticket"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1317",
"datePublished": "2023-03-10T00:00:00.000Z",
"dateReserved": "2023-03-10T00:00:00.000Z",
"dateUpdated": "2025-02-27T21:09:23.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4271 (GCVE-0-2022-4271)
Vulnerability from cvelistv5 – Published: 2022-12-02 00:00 – Updated: 2025-04-14 17:52
VLAI?
Title
Cross-site Scripting (XSS) - Reflected in osticket/osticket
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| osticket | osticket/osticket |
Affected:
unspecified , < 1.16.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:34:49.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a11c922f-255a-412a-aa87-7f3bd7121599"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/osticket/osticket/commit/5213ff138c6be6144a6692376ac0803a42eca168"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4271",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T15:17:49.804868Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T17:52:11.935Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "osticket/osticket",
"vendor": "osticket",
"versions": [
{
"lessThan": "1.16.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-02T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a11c922f-255a-412a-aa87-7f3bd7121599"
},
{
"url": "https://github.com/osticket/osticket/commit/5213ff138c6be6144a6692376ac0803a42eca168"
}
],
"source": {
"advisory": "a11c922f-255a-412a-aa87-7f3bd7121599",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in osticket/osticket"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4271",
"datePublished": "2022-12-02T00:00:00.000Z",
"dateReserved": "2022-12-02T00:00:00.000Z",
"dateUpdated": "2025-04-14T17:52:11.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}