Description

Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php.

Remediation

References

CVE-2014-4744

Related Vulnerabilities

WordPress Plugin WP-Invoice-Web Invoice and Billing Multiple Vulnerabilities (4.1.0)

MySQL CVE-2011-2262 Vulnerability (CVE-2011-2262)

WordPress Plugin Contact Form 7 Style Cross-Site Request Forgery (3.2)

ownCloud Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-2052)

PHP Other Vulnerability (CVE-2016-4343)

Severity

Medium

Classification

CVE-2014-4744 CWE-707

Tags

Missing Update Known Vulnerabilities