exploitDog

CVE-2020-16193

Опубликовано: 26 авг. 2020

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call.

Ссылки

https://github.com/osTicket/osTicket/blob/develop/include/staff/banrule.inc.php#L67
Patch
Third Party Advisory
https://github.com/osTicket/osTicket/pull/5616/commits/fb570820ef1138776f929a179906e1d8089179d9
Patch
Third Party Advisory
https://github.com/osTicket/osTicket/blob/develop/include/staff/banrule.inc.php#L67
Patch
Third Party Advisory
https://github.com/osTicket/osTicket/pull/5616/commits/fb570820ef1138776f929a179906e1d8089179d9
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*

Версия до 1.14.3 (исключая)

EPSS

Процентиль: 43%

0.00206

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-q88j-2hcx-grw4

github

больше 3 лет назад

osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call.

EPSS

Процентиль: 43%

0.00206

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79