WEB APPLICATION VULNERABILITIES Standard & Premium

osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-4744)

Description

Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php.

Remediation

References

Related Vulnerabilities

Mailman Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-5024)

MySQL CVE-2013-1570 Vulnerability (CVE-2013-1570)

WordPress 5.0.x Prototype Pollution (5.0 - 5.0.15)

ownCloud Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-1893)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-44310)

Severity

Medium

Classification

CVE-2014-4744 CWE-707

Tags

Missing Update Known Vulnerabilities