CVE-2017-15362

NONE EPSS 64.7%
Published Oct 16, 2017 8y ago
Last Modified Jun 17, 2026 2w ago

Description

osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application. This affects a different tickets.php file than CVE-2015-1176.

Threat Intelligence

EPSS Exploit Probability
64.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

Vendor    Product   Version  Range
osticket  osticket  1.10.1   any

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.