Every CVE whose affected-product data names Enhancesoft Osticket, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2021-42235 — CVSS 9.8 (critical): SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration…
CVE-2022-31888 — CVSS 8.8 (high): Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2.
CVE-2023-30082 — CVSS 7.5 (high): A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is…
CVE-2026-22200 — CVSS 7.5 (high): Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket…
CVE-2021-45811 — CVSS 6.5 (medium): A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to…
CVE-2019-13397 — CVSS 6.1 (medium): Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML…
CVE-2020-22609 — CVSS 6.1 (medium): Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php.
CVE-2023-46967 — CVSS 6.1 (medium): Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges…
CVE-2020-22608 — CVSS 6.1 (medium): Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php.
CVE-2020-14012 — CVSS 5.4 (medium): scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must be an Agent.
CVE-2026-26895 — CVSS 5.3 (medium): User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumerate valid usernames registered in the…
CVE-2023-27149 — CVSS 4.8 (medium): A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML…
CVE-2023-27148 — CVSS 4.8 (medium): A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary…
CVE-2014-4744 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML…