Lucene search

MitreCVE-2014-4744

HistoryJul 09, 2014 - 2:55 p.m.

CVE-2014-4744

2014-07-0914:55:04

CWE-79

mitre

web.nvd.nist.gov

xss

osticket

1.9.2

cve-2014-4744

nvd

web security

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

58.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) do parameter to account.php.

Affected configurations

Nvd

Node

enhancesoftosticketMatch1.8.0

enhancesoftosticketMatch1.8.0rc1

enhancesoftosticketMatch1.8.0rc2

enhancesoftosticketMatch1.8.0.1

enhancesoftosticketMatch1.8.0.2

enhancesoftosticketMatch1.8.0.3

enhancesoftosticketMatch1.8.0.4

enhancesoftosticketMatch1.8.1rc1

enhancesoftosticketMatch1.8.1.1

enhancesoftosticketMatch1.8.1.2

enhancesoftosticketMatch1.8.3

enhancesoftosticketMatch1.8.4

enhancesoftosticketMatch1.9.0

osticketosticketRange≤1.9.1

osticketosticketMatch1.0

osticketosticketMatch1.2.7

osticketosticketMatch1.3.0

osticketosticketMatch1.6rc1

osticketosticketMatch1.6rc2

osticketosticketMatch1.6rc3

osticketosticketMatch1.6rc4

osticketosticketMatch1.6rc5

osticketosticketMatch1.6.0

osticketosticketMatch1.8.1

osticketosticketMatch1.8.1developer_preview

VendorProductVersionCPE
enhancesoftosticket1.8.0cpe:2.3:a:enhancesoft:osticket:1.8.0:*:*:*:*:*:*:*
enhancesoftosticket1.8.0cpe:2.3:a:enhancesoft:osticket:1.8.0:rc1:*:*:*:*:*:*
enhancesoftosticket1.8.0cpe:2.3:a:enhancesoft:osticket:1.8.0:rc2:*:*:*:*:*:*
enhancesoftosticket1.8.0.1cpe:2.3:a:enhancesoft:osticket:1.8.0.1:*:*:*:*:*:*:*
enhancesoftosticket1.8.0.2cpe:2.3:a:enhancesoft:osticket:1.8.0.2:*:*:*:*:*:*:*
enhancesoftosticket1.8.0.3cpe:2.3:a:enhancesoft:osticket:1.8.0.3:*:*:*:*:*:*:*
enhancesoftosticket1.8.0.4cpe:2.3:a:enhancesoft:osticket:1.8.0.4:*:*:*:*:*:*:*
enhancesoftosticket1.8.1cpe:2.3:a:enhancesoft:osticket:1.8.1:rc1:*:*:*:*:*:*
enhancesoftosticket1.8.1.1cpe:2.3:a:enhancesoft:osticket:1.8.1.1:*:*:*:*:*:*:*
enhancesoftosticket1.8.1.2cpe:2.3:a:enhancesoft:osticket:1.8.1.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
enhancesoft	osticket	1.8.0	cpe:2.3:a:enhancesoft:osticket:1.8.0:::::::*
enhancesoft	osticket	1.8.0	cpe:2.3:a:enhancesoft:osticket:1.8.0:rc1::::::
enhancesoft	osticket	1.8.0	cpe:2.3:a:enhancesoft:osticket:1.8.0:rc2::::::
enhancesoft	osticket	1.8.0.1	cpe:2.3:a:enhancesoft:osticket:1.8.0.1:::::::*
enhancesoft	osticket	1.8.0.2	cpe:2.3:a:enhancesoft:osticket:1.8.0.2:::::::*
enhancesoft	osticket	1.8.0.3	cpe:2.3:a:enhancesoft:osticket:1.8.0.3:::::::*
enhancesoft	osticket	1.8.0.4	cpe:2.3:a:enhancesoft:osticket:1.8.0.4:::::::*
enhancesoft	osticket	1.8.1	cpe:2.3:a:enhancesoft:osticket:1.8.1:rc1::::::
enhancesoft	osticket	1.8.1.1	cpe:2.3:a:enhancesoft:osticket:1.8.1.1:::::::*
enhancesoft	osticket	1.8.1.2	cpe:2.3:a:enhancesoft:osticket:1.8.1.2:::::::*

Rows per page:

1-10 of 251

References

secunia.com/advisories/59539

www.securityfocus.com/bid/68500

github.com/osTicket/osTicket-1.8/releases/tag/v1.9.2

www.netsparker.com/critical-xss-vulnerabilities-in-osticket/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

58.6%

JSON

Related for CVE-2014-4744