Description

Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php.

Remediation

References

CVE-2010-0606

Related Vulnerabilities

WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.29)

PHP Integer Overflow or Wraparound Vulnerability (CVE-2016-6289)

MySQL CVE-2017-3637 Vulnerability (CVE-2017-3637)

WordPress Plugin Button Widget Smartsoft Cross-Site Request Forgery (1.0.1)

Python Resource Management Errors Vulnerability (CVE-2012-0845)

Severity

Low

Classification

CVE-2010-0606 CWE-707

Tags

Missing Update Known Vulnerabilities