A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.
References
Link | Resource |
---|---|
https://github.com/osTicket/osTicket-plugins | Product Third Party Advisory |
https://github.com/osTicket/osTicket-plugins/commit/a7842d494889fd5533d13deb3c6a7789768795ae | Patch Third Party Advisory |
https://owasp.org/www-community/attacks/xss/ | Third Party Advisory |
Configurations
History
20 Jul 2022, 13:55
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
CPE | cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
References | (MISC) https://github.com/osTicket/osTicket-plugins - Product, Third Party Advisory | |
References | (MISC) https://github.com/osTicket/osTicket-plugins/commit/a7842d494889fd5533d13deb3c6a7789768795ae - Patch, Third Party Advisory | |
References | (MISC) https://owasp.org/www-community/attacks/xss/ - Third Party Advisory |
13 Jul 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-13 16:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-32074
Mitre link : CVE-2022-32074
CVE.ORG link : CVE-2022-32074
JSON object : View
Products Affected
osticket
- osticket
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')