VYPR
Unrated severityNVD Advisory· Published Feb 11, 2010· Updated Jun 16, 2026

CVE-2010-0606

CVE-2010-0606

Description

Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php.

Affected products

9
  • Osticket/Osticket9 versions
    cpe:2.3:a:osticket:osticket:1:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:osticket:osticket:1:*:*:*:*:*:*:*
    • cpe:2.3:a:osticket:osticket:1.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:osticket:osticket:1.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:osticket:osticket:1.6:rc1:*:*:*:*:*:*
    • cpe:2.3:a:osticket:osticket:1.6:rc2:*:*:*:*:*:*
    • cpe:2.3:a:osticket:osticket:1.6:rc3:*:*:*:*:*:*
    • cpe:2.3:a:osticket:osticket:1.6:rc4:*:*:*:*:*:*
    • cpe:2.3:a:osticket:osticket:*:rc5:*:*:*:*:*:*range: <=1.6
    • (no CPE)range: <1.6.0 Stable

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.