VYPR vendor page: osTicket
Products: 1
CVEs: 60 (across products: 60)
Status: Private

Recent CVEs

  • CVE-2017-15580 | Critical | Oct 23, 2017
    risk 0.68 | cvss 9.8 | epss 0.16

    osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a…

  • CVE-2017-14396 | Critical | Sep 12, 2017
    risk 0.60 | cvss 9.8 | epss 0.03

    In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.

  • CVE-2018-7195 | High | Mar 27, 2018
    risk 0.53 | cvss 8.1 | epss 0.01

    Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number.

  • CVE-2018-7196 | Medium | Mar 27, 2018
    risk 0.40 | cvss 6.1 | epss 0.02

    Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter.

  • CVE-2018-7193 | Medium | Mar 27, 2018
    risk 0.40 | cvss 6.1 | epss 0.02

    Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter.

  • CVE-2018-7192 | Medium | Mar 27, 2018
    risk 0.40 | cvss 6.1 | epss 0.02

    Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter.

  • CVE-2017-15362 | Medium | Oct 16, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish…

  • CVE-2026-9507 | Medium | Jun 16, 2026
    risk 0.33 | cvss n/a | epss 0.00

    A session fixation vulnerability has been identified in osTicket v1.18.2. This security flaw allows an attacker to hijack a victim’s account by keeping the initial session identifier (OSTSESSID) active after a successful login. The issue lies in the fact that the…

  • CVE-2018-7194 | Medium | Mar 27, 2018
    risk 0.32 | cvss 4.9 | epss 0.01

    Integer format vulnerability in the ticket number generator in Enhancesoft osTicket before 1.10.2 allows remote attackers to cause a denial-of-service (preventing the creation of new tickets) via a large number of digits in the ticket number format setting.

  • CVE-2026-26895 | Medium | Apr 2, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumerate valid usernames registered in the platform.

  • CVE-2026-8194 | Medium | May 9, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    A security vulnerability has been detected in osTicket up to 1.18.3. Impacted is an unknown function of the file include/class.dispatcher.php of the component Dispatcher. The manipulation of the argument _method leads to cross-site request forgery. Remote exploitation of the…

  • CVE-2026-22200 | Jan 12, 2026
    risk 0.09 | cvss n/a | epss 0.73

    Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which…

  • CVE-2020-24881 | Nov 2, 2020
    risk 0.09 | cvss n/a | epss 0.73

    SSRF exists in osTicket before 1.14.3, where an attacker can add a malicious file to the server or perform port scanning.

  • CVE-2021-45811 | Sep 8, 2023
    risk 0.05 | cvss n/a | epss 0.03

    A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.

  • CVE-2019-14749 | Aug 7, 2019
    risk 0.04 | cvss n/a | epss 0.10

    An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields…

  • CVE-2019-14750 | Aug 7, 2019
    risk 0.04 | cvss n/a | epss 0.12

    An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields…

  • CVE-2004-0613 | Dec 6, 2004
    risk 0.04 | cvss n/a | epss 0.10

    osTicket allows remote attackers to view sensitive uploaded files and possibly execute arbitrary code via an HTTP request that uploads a PHP file to the ticket attachments directory.

  • CVE-2019-14748 | Aug 7, 2019
    risk 0.03 | cvss n/a | epss 0.03

    An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the…

  • CVE-2019-11537 | Apr 25, 2019
    risk 0.03 | cvss n/a | epss 0.05

    In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can…

  • CVE-2010-0605 | Feb 11, 2010
    risk 0.03 | cvss n/a | epss 0.03

    SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter.