Cross Site Scripting in Enhancesoft osTicket 1.18.0
CVE-2023-46967

6.1MEDIUM

Key Information:

Vendor: Enhancesoft
Status: osTicket
Vendor: CVE Published:; 20 February 2024

🔔 Create Enhancesoft Vulnerability Alert

What is CVE-2023-46967?

A Cross Site Scripting vulnerability exists in the sanitize function of Enhancesoft osTicket version 1.18.0. This flaw allows remote attackers to craft malicious support tickets, potentially leading to privilege escalation. By leveraging this weakness, an attacker could manipulate the behavior of the application, possibly exposing sensitive information or gaining unauthorized access to user accounts.

References

https://www.sonarsource.com/blog/pitfalls-of-desanitizati...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 20, 2024
Vulnerability Reserved
Oct 30, 2023

CVE-2023-46967 Data

JSON