CVE-2014-4744

Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
enhancesoftosticket
1.8.0
enhancesoftosticket
1.8.0:rc1
enhancesoftosticket
1.8.0:rc2
enhancesoftosticket
1.8.0.1
enhancesoftosticket
1.8.0.2
enhancesoftosticket
1.8.0.3
enhancesoftosticket
1.8.0.4
enhancesoftosticket
1.8.1:rc1
enhancesoftosticket
1.8.1.1
enhancesoftosticket
1.8.1.2
enhancesoftosticket
1.8.3
enhancesoftosticket
1.8.4
enhancesoftosticket
1.9.0
osticketosticket
𝑥
≤ 1.9.1
osticketosticket
1.0
osticketosticket
1.2.7
osticketosticket
1.3.0
osticketosticket
1.6:rc1
osticketosticket
1.6:rc2
osticketosticket
1.6:rc3
osticketosticket
1.6:rc4
osticketosticket
1.6:rc5
osticketosticket
1.6.0
osticketosticket
1.8.1
osticketosticket
1.8.1:developer_preview
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/59539
http://www.securityfocus.com/bid/68500
https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.2
https://www.netsparker.com/critical-xss-vulnerabilities-in-osticket/
http://secunia.com/advisories/59539
http://www.securityfocus.com/bid/68500
https://github.com/osTicket/osTicket-1.8/releases/tag/v1.9.2
https://www.netsparker.com/critical-xss-vulnerabilities-in-osticket/