Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter.
References
Link Resource
https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c Exploit Technical Description Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-03-27T17:00:00

Updated: 2018-03-27T17:57:01

Reserved: 2018-02-17T00:00:00


Link: CVE-2018-7192

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2018-03-27T17:29:00.493

Modified: 2018-04-17T18:43:50.947


Link: CVE-2018-7192

JSON object: View

cve-icon Redhat Information

No data.

CWE