Description

A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter.

Remediation

References

CVE-2023-27148

Related Vulnerabilities

WordPress Plugin WP Coder-add custom html, css and js code Cross-Site Request Forgery (2.5.2)

WordPress Plugin ICustomizer Cross-Site Scripting (1.4.13)

WordPress Plugin Bing Site Verification using Meta Tag Cross-Site Scripting (1.0)

WordPress Plugin W3 Total Cache PHP Code Injection (0.9.2.8)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-26071)

Severity

Medium

Classification

CVE-2023-27148 CWE-707 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities