enhancesoft

Top products

The 15 most recently published vulnerabilities affecting enhancesoft.

• CVE-2026-26895User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumerate valid usernames registered in the platform.5.3Apr 2, 2026
• CVE-2026-22200osTicket (1.18.x < 1.18.3, 1.17.x < 1.17.7) PDF Export Arbitrary File Read7.5Jan 12, 2026
• CVE-2023-46967Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket.6.1Feb 20, 2024
• CVE-2023-27148A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into th...4.8Oct 23, 2023
• CVE-2023-27149A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input param...4.8Oct 23, 2023
• CVE-2021-45811A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_i...6.5Sep 8, 2023
• CVE-2023-30082A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application. This can cause the websi...7.5Jun 14, 2023
• CVE-2022-31890SQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae via the order parameter to the getOrder function.9.8Apr 5, 2023
• CVE-2022-31888Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2.8.8Apr 5, 2023
• CVE-2022-31889Cross Site Scripting (XSS) vulnerability in audit/templates/auditlogs.tmpl.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae.6.1Apr 5, 2023
• CVE-2023-1315Cross-site Scripting (XSS) - Reflected in osticket/osticket5.4Mar 10, 2023
• CVE-2023-1320Cross-site Scripting (XSS) - Stored in osticket/osticket6.1Mar 10, 2023
• CVE-2023-1317Cross-site Scripting (XSS) - Reflected in osticket/osticket5.4Mar 10, 2023
• CVE-2023-1318Cross-site Scripting (XSS) - Generic in osticket/osticket5.4Mar 10, 2023
• CVE-2023-1316Cross-site Scripting (XSS) - Stored in osticket/osticket5.4Mar 10, 2023