A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter.
References
Link Resource
https://www.esecforte.com/cve-2023-27148-osticket_xss/ Exploit Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-10-23T00:00:00

Updated: 2023-10-23T19:25:40.695203

Reserved: 2023-02-27T00:00:00


Link: CVE-2023-27148

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2023-10-23T20:15:08.817

Modified: 2023-10-27T19:40:46.700


Link: CVE-2023-27148

JSON object: View

cve-icon Redhat Information

No data.

CWE