Lucene search

@huntrdevCVE-2022-4271

HistoryDec 02, 2022 - 4:15 p.m.

CVE-2022-4271

2022-12-0216:15:09

CWE-79

@huntrdev

web.nvd.nist.gov

cve-2022-4271

cross-site scripting

xss

github

osticket

nvd

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

21.5%

JSON

Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4.

Affected configurations

Nvd

Node

enhancesoftosticketRange<1.16.4

VendorProductVersionCPE
enhancesoftosticket*cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
enhancesoft	osticket	*	cpe:2.3:a:enhancesoft:osticket::::::::

CNA Affected

[
  {
    "vendor": "osticket",
    "product": "osticket/osticket",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "1.16.4",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/osticket/osticket/commit/5213ff138c6be6144a6692376ac0803a42eca168

huntr.dev/bounties/a11c922f-255a-412a-aa87-7f3bd7121599