CVE-2020-24917
N/A
N/A
Summary
osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/osTicket/osTicket/commit/518de223933eab0c5558741ce317f36958ef193d
- https://github.com/osTicket/osTicket/compare/v1.14.2…v1.14.3
- https://sisl.lab.uic.edu/projects/chess/osticket-xss/
References
- https://github.com/osTicket/osTicket/commit/518de223933eab0c5558741ce317f36958ef193d
- https://github.com/osTicket/osTicket/compare/v1.14.2…v1.14.3
- https://sisl.lab.uic.edu/projects/chess/osticket-xss/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.