Description

A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter.

Remediation

References

CVE-2023-27148

Related Vulnerabilities

Moodle Improper Validation of Integrity Check Value Vulnerability (CVE-2021-20184)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.9)

Jenkins Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2020-2105)

Oracle Database Server CVE-2014-6563 Vulnerability (CVE-2014-6563)

WordPress Plugin Lightbox Gallery Cross-Site Scripting (0.9.4)

Severity

Medium

Classification

CVE-2023-27148 CWE-707 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities