Description

Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php.

Remediation

References

CVE-2014-4744

Related Vulnerabilities

WordPress Plugin Tutor LMS-eLearning and online course solution Cross-Site Scripting (1.9.11)

WordPress Plugin bbPress Social Network Multiple Cross-Site Scripting Vulnerabilities (9.2)

Ruby on Rails CVE-2024-28103 Vulnerability (CVE-2024-28103)

Oracle Database Server Other Vulnerability (CVE-2006-1884)

SugarCRM Other Vulnerability (CVE-2006-6712)

Severity

Medium

Classification

CVE-2014-4744 CWE-707

Tags

Missing Update Known Vulnerabilities