Known Vulnerabilities for products from Enhancesoft
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Enhancesoft".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-26895 json | User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumerate valid usernames regis... | Not Provided | 2026-04-02 | 2026-04-07 |
| CVE-2023-30082 json | A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characte... | 7.5 - HIGH | 2023-06-14 | 2023-06-28 |
| CVE-2023-27149 json | A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web s... | 4.8 - MEDIUM | 2023-10-23 | 2023-10-27 |
| CVE-2023-27148 json | A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to exec... | 4.8 - MEDIUM | 2023-10-23 | 2023-10-27 |
| CVE-2023-1320 json | Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. | 6.1 - MEDIUM | 2023-03-10 | 2023-03-13 |
| CVE-2023-1319 json | Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. | 4.8 - MEDIUM | 2023-03-10 | 2023-03-13 |
| CVE-2023-1318 json | Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6. | 5.4 - MEDIUM | 2023-03-10 | 2023-03-13 |
| CVE-2023-1317 json | Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. | 5.4 - MEDIUM | 2023-03-10 | 2023-03-13 |
| CVE-2023-1316 json | Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. | 5.4 - MEDIUM | 2023-03-10 | 2023-03-13 |
| CVE-2023-1315 json | Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. | 5.4 - MEDIUM | 2023-03-10 | 2023-03-13 |
| CVE-2022-31890 json | SQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7... | 9.8 - CRITICAL | 2023-04-05 | 2023-04-12 |
| CVE-2022-31889 json | Cross Site Scripting (XSS) vulnerability in audit/templates/auditlogs.tmpl.php in osTicket osTicket-plugins before commit a78... | 6.1 - MEDIUM | 2023-04-05 | 2023-04-12 |
| CVE-2022-31888 json | Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2. | 8.8 - HIGH | 2023-04-05 | 2023-04-17 |
| CVE-2022-4271 json | Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4. | 5.4 - MEDIUM | 2022-12-02 | 2022-12-05 |
| CVE-2021-45811 json | A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated att... | 6.5 - MEDIUM | 2023-09-08 | 2023-09-18 |
| CVE-2021-42235 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-05-04 | 2022-05-13 |
| CVE-2020-22609 json | Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class... | 6.1 - MEDIUM | 2021-06-28 | 2021-07-01 |
| CVE-2020-22608 json | Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search... | 6.1 - MEDIUM | 2021-06-28 | 2021-07-01 |
| CVE-2020-14012 json | scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase Category Name or Category Description. The attacker must... | 5.4 - MEDIUM | 2020-06-10 | 2020-07-01 |
| CVE-2020-12629 json | include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name. | 5.4 - MEDIUM | 2020-05-04 | 2020-05-06 |
Known software with vulnerabilities from Enhancesoft
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Enhancesoft | Osticket | 1.10 |