Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via arbitrary file extension while creating a support ticket.
References
Configurations
History
07 Nov 2023, 03:03
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-07-09 17:15
Updated : 2023-12-10 12:59
NVD link : CVE-2019-13397
Mitre link : CVE-2019-13397
CVE.ORG link : CVE-2019-13397
JSON object : View
Products Affected
enhancesoft
- osticket
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')