Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter.
References
Link Resource
https://blog.securityevaluators.com/vulnerabilities-found-in-popular-ticketing-system-dd273bda229c Exploit Technical Description Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-03-27T17:00:00

Updated: 2018-03-27T17:57:01

Reserved: 2018-02-17T00:00:00


Link: CVE-2018-7193

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2018-03-27T17:29:00.553

Modified: 2018-04-17T18:46:30.747


Link: CVE-2018-7193

JSON object: View

cve-icon Redhat Information

No data.

CWE