enhancesoft 漏洞与 CVE 列表(47)

产品(CPE): — CVE 数: 47

enhancesoft 漏洞概览

汇总 enhancesoft 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。

已披露问题常与 路径处理缺陷、缓冲区溢出与输入验证问题 相关,可能在 生产负载与软件部署 场景中带来 应用崩溃与内存损坏 等暴露风险。

相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势(近 24 个月)

显示 12047 CVE 数
«« 第一页 « 上一页 第 1 / 3 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2026-26895 User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumerate valid usernames registered in the platform. [email protected] 5.3 0.35% 2026-04-02 2026-07-04
CVE-2026-22200 Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficiently sanitized before being processed by the mPDF PDF generator during export. When the attacker exports the ticket to PDF, the generated PDF can embed the contents of attacker-selected files from the serve [email protected] 8.7 73.12% 2026-01-12 2026-06-17
CVE-2025-26241 A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination. [email protected] 6.5 0.24% 2025-05-05 2026-07-10
CVE-2023-46967 Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket. [email protected] 6.1 0.44% 2024-02-20 2026-06-17
CVE-2023-27149 A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list. [email protected] 4.8 0.35% 2023-10-23 2026-06-17
CVE-2023-27148 A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter. [email protected] 4.8 0.35% 2023-10-23 2026-06-17
CVE-2021-45811 A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination. [email protected] 6.5 2.45% 2023-09-07 2026-07-08
CVE-2023-30082 A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application. This can cause the website to go down or stop responding. When a long password is entered, this procedure will consume all available CPU and memory. [email protected] 7.5 1.00% 2023-06-14 2026-06-17
CVE-2022-31890 SQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae via the order parameter to the getOrder function. [email protected] 9.8 1.50% 2023-04-05 2026-06-17
CVE-2022-31889 Cross Site Scripting (XSS) vulnerability in audit/templates/auditlogs.tmpl.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae. [email protected] 6.1 0.65% 2023-04-05 2026-06-17
CVE-2022-31888 Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2. [email protected] 8.8 1.21% 2023-04-05 2026-06-17
CVE-2023-1320 Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. [email protected] 6.1 0.62% 2023-03-10 2026-06-17
CVE-2023-1319 Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. [email protected] 4.8 0.47% 2023-03-10 2026-06-17
CVE-2023-1318 Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6. [email protected] 5.4 1.01% 2023-03-10 2026-06-17
CVE-2023-1317 Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. [email protected] 5.4 1.01% 2023-03-10 2026-06-17
CVE-2023-1316 Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. [email protected] 5.4 0.51% 2023-03-10 2026-06-17
CVE-2023-1315 Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. [email protected] 5.4 1.06% 2023-03-10 2026-06-17
CVE-2022-4271 Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4. [email protected] 5.4 0.67% 2022-12-02 2026-06-17
CVE-2022-32074 A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file. [email protected] 5.4 1.39% 2022-07-13 2026-07-10
CVE-2021-42235 SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality. [email protected] 9.8 0.97% 2022-05-04 2026-06-17
«« 第一页 « 上一页 第 1 / 3 页 下一页 »
cvelogic Threat Intelligence