CVE-2017-15362
NONE EPSS 64.7%
Published Oct 16, 2017 8y ago
Last Modified Jun 17, 2026 2w ago
Description
osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application. This affects a different tickets.php file than CVE-2015-1176.
Threat Intelligence
EPSS Exploit Probability
64.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| osticket | osticket | 1.10.1 | any |
References 1
- becomepentester.blogspot.ae https://becomepentester.blogspot.ae/2017/10/osTicket-XSS-CVE-2017-15362.html
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.