CVE-2014-4744

Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
enhancesoftosticket
𝑥
≤ 1.9.1
enhancesoftosticket
1.0
enhancesoftosticket
1.2.7
enhancesoftosticket
1.3.0
enhancesoftosticket
1.6:rc1
enhancesoftosticket
1.6:rc2
enhancesoftosticket
1.6:rc3
enhancesoftosticket
1.6:rc4
enhancesoftosticket
1.6:rc5
enhancesoftosticket
1.6.0
enhancesoftosticket
1.8.0
enhancesoftosticket
1.8.0:rc1
enhancesoftosticket
1.8.0:rc2
enhancesoftosticket
1.8.0.1
enhancesoftosticket
1.8.0.2
enhancesoftosticket
1.8.0.3
enhancesoftosticket
1.8.0.4
enhancesoftosticket
1.8.1
enhancesoftosticket
1.8.1:developer_preview
enhancesoftosticket
1.8.1:rc1
enhancesoftosticket
1.8.1.1
enhancesoftosticket
1.8.1.2
enhancesoftosticket
1.8.3
enhancesoftosticket
1.8.4
enhancesoftosticket
1.9.0
𝑥
= Vulnerable software versions