CVE-2018-7192 in osTicketinfo

Summary

Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

02/17/2018

Disclosure

03/27/2018

Entries

1

CPE

ready

CVSS

5.7

EPSS

0.00369

Activities

Very Low

Sources

MITREhttps://www.cve.org/CVERecord?id=CVE-2018-7192
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2018-7192
CVE Detailshttps://www.cvedetails.com/cve/CVE-2018-7192/

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!