Unrated severity · NVD Advisory · Published Aug 30, 2020 · Updated Aug 4, 2024
CVE-2020-24917
Description
osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php.
Affected products
- osTicket/osTicket (description)
References
- github.com/osTicket/osTicket/commit/518de223933eab0c5558741ce317f36958ef193d (mitre: x_refsource_MISC)
- github.com/osTicket/osTicket/compare/v1.14.2...v1.14.3 (mitre: x_refsource_MISC)
- sisl.lab.uic.edu/projects/chess/osticket-xss/ (mitre: x_refsource_MISC)