Unrated severityNVD Advisory· Published May 3, 2005· Updated Apr 16, 2026

CVE-2005-1436

Description

Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the err parameter to open_submit.php, or (6) the name and subject fields when adding a ticket.

Affected products

Osticket/Osticket2 versions
cpe:2.3:a:osticket:osticket:1.2.7:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:osticket:osticket:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:osticket:osticket:1.3.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/15216nvdExploit
www.gulftech.orgnvdExploit
www.osvdb.org/16270nvd
www.osvdb.org/16271nvd
www.osvdb.org/16272nvd
www.osvdb.org/16273nvd
www.osvdb.org/16274nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000