Description

Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter.

Remediation

References

CVE-2018-7193

Related Vulnerabilities

Squid Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-41317)

Drupal Core 8.9.0 Security Bypass (8.9.0)

TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3717)

WordPress Plugin Share Posts To Email Cross-Site Scripting (1.0.2)

WordPress 3.8.x Possible SQL Injection Vulnerability (3.8 - 3.8.22)

Severity

Medium

Classification

CVE-2018-7193 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities