CVE Tools

osticket

Enterprise Softwareoss-project

27

Cumulative CVEs

12

Monthly snapshots

#28

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting osticket.

CVE-2025-45387osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.5.4Jun 2, 2025
CVE-2025-26241A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic...6.5May 5, 2025
CVE-2023-1320Cross-site Scripting (XSS) - Stored in osticket/osticket6.1Mar 10, 2023
CVE-2023-1319Cross-site Scripting (XSS) - Stored in osticket/osticket4.8Mar 10, 2023
CVE-2023-1318Cross-site Scripting (XSS) - Generic in osticket/osticket5.4Mar 10, 2023
CVE-2023-1317Cross-site Scripting (XSS) - Reflected in osticket/osticket5.4Mar 10, 2023
CVE-2023-1316Cross-site Scripting (XSS) - Stored in osticket/osticket5.4Mar 10, 2023
CVE-2023-1315Cross-site Scripting (XSS) - Reflected in osticket/osticket5.4Mar 10, 2023
CVE-2022-4271Cross-site Scripting (XSS) - Reflected in osticket/osticket5.4Dec 2, 2022
CVE-2022-32074A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to ...5.4Jul 13, 2022
CVE-2020-24881SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.9.8Nov 2, 2020
CVE-2020-24917osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php.6.1Aug 30, 2020
CVE-2020-16193osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call.5.4Aug 26, 2020
CVE-2019-14748An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality...5.4Aug 7, 2019
CVE-2019-14749An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically...8.8Aug 7, 2019