Description

Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php.

Remediation

References

CVE-2014-4744

Related Vulnerabilities

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction SQL Injection (3.7.1.5)

MySQL CVE-2021-35635 Vulnerability (CVE-2021-35635)

WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads PHP Code Injection (1.3)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3092)

Moodle Improper Input Validation Vulnerability (CVE-2021-3943)

Severity

Medium

Classification

CVE-2014-4744 CWE-707

Tags

Missing Update Known Vulnerabilities