CVE-2014-4744

Affected configuration(s):

cpe:/a:osticket:osticket:1.0
cpe:/a:osticket:osticket:1.2.7
cpe:/a:osticket:osticket:1.3.0
cpe:/a:osticket:osticket:1.6:rc1
cpe:/a:osticket:osticket:1.6:rc2
cpe:/a:osticket:osticket:1.6:rc3
cpe:/a:osticket:osticket:1.6:rc4
cpe:/a:osticket:osticket:1.6:rc5
cpe:/a:osticket:osticket:1.6.0
cpe:/a:osticket:osticket:1.8.0
cpe:/a:osticket:osticket:1.8.0:rc1
cpe:/a:osticket:osticket:1.8.0:rc2
cpe:/a:osticket:osticket:1.8.0.1
cpe:/a:osticket:osticket:1.8.0.2
cpe:/a:osticket:osticket:1.8.0.3
cpe:/a:osticket:osticket:1.8.0.4
cpe:/a:osticket:osticket:1.8.1
cpe:/a:osticket:osticket:1.8.1:developer_preview
cpe:/a:osticket:osticket:1.8.1:rc1
cpe:/a:osticket:osticket:1.8.1.1
cpe:/a:osticket:osticket:1.8.1.2
cpe:/a:osticket:osticket:1.8.3
cpe:/a:osticket:osticket:1.8.4
cpe:/a:osticket:osticket:1.9.0
cpe:/a:osticket:osticket:1.9.1

Date published: 2014-07-09T10:55:04.343-04:00

Date last modified: 2015-10-05T22:39:12.987-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://www.securityfocus.com/bid/68500

Summary: Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php.
